VPN issues on DSL

alsorobocat
Level 1
I've got a 501 PIX connecting to a 3005 that keeps going down. It comes back up great when I shut down and reload the outside interface (eth0), but I need to do it every 40 minutes during the working day.

The 3005 has 5 other 501's connecting to it, and I am the only one using DSL and going down.

The interface is telling me that everything looks great except Collisions and Deferred.

This is an excerpt after 1h30 up

interface ethernet0 "outside" is up, line protocol is up

Hardware is i82559 ethernet, address is 000d.bc7e.dc41

IP address xxx.xxx.xxx.xxx, subnet mask 255.255.255.248

MTU 1500 bytes, BW 10000 Kbit half duplex

396543 packets input, 151305101 bytes, 0 no buffer

Received 1 broadcasts, 0 runts, 0 giants

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

326998 packets output, 38718080 bytes, 0 underruns

0 output errors, 156 collisions, 0 interface resets

0 babbles, 0 late collisions, 7243 deferred

0 lost carrier, 0 no carrier

input queue (curr/max blocks): hardware (128/128) software (0/7)

output queue (curr/max blocks): hardware (0/18) software (0/1)

interface ethernet1 "inside" is up, line protocol is up

Hardware is i82559 ethernet, address is 000d.bc7e.dc42

IP address 10.200.4.100, subnet mask 255.255.255.0

MTU 1500 bytes, BW 100000 Kbit full duplex

338575 packets input, 24552737 bytes, 0 no buffer

Received 3066 broadcasts, 0 runts, 0 giants

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

398404 packets output, 131932106 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 babbles, 0 late collisions, 0 deferred

0 lost carrier, 0 no carrier

input queue (curr/max blocks): hardware (128/128) software (0/18)

output queue (curr/max blocks): hardware (1/4) software (0/1)
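The counters the original poster singles out can be pulled out of the `show interface` text and tracked from poll to poll. The following is an added example, not code from the thread: it parses this output format and lists the non-zero transmit-side counters per interface. `SAMPLE` is a trimmed copy constructed from the output posted above, and the function names and watch list are hypothetical.

```python
import re

# Constructed sample: a trimmed copy of the "show interface" output posted above.
SAMPLE = """\
interface ethernet0 "outside" is up, line protocol is up
MTU 1500 bytes, BW 10000 Kbit half duplex
326998 packets output, 38718080 bytes, 0 underruns
0 output errors, 156 collisions, 0 interface resets
0 babbles, 0 late collisions, 7243 deferred
interface ethernet1 "inside" is up, line protocol is up
MTU 1500 bytes, BW 100000 Kbit full duplex
398404 packets output, 131932106 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
"""

HEADER = re.compile(r'^interface (\S+) "([^"]+)" is')
LINK = re.compile(r"BW (\d+) Kbit (half|full) duplex")
COUNTER = re.compile(r"(\d+) ([A-Za-z ]+)")
# Counters worth alerting on (hypothetical watch list chosen for this example).
WATCH = ("output errors", "collisions", "late collisions", "deferred", "interface resets")

def parse_show_interface(text):
    """Return {nameif: {"hw", "kbit", "duplex", "counters"}} from PIX output."""
    ifaces, cur = {}, None
    for line in (l.strip() for l in text.splitlines()):
        m = HEADER.match(line)
        if m:
            cur = ifaces.setdefault(m.group(2), {"hw": m.group(1), "counters": {}})
        elif cur is not None and LINK.search(line):
            m = LINK.search(line)
            cur["kbit"], cur["duplex"] = int(m.group(1)), m.group(2)
        elif cur is not None:
            for part in line.split(","):
                m = COUNTER.fullmatch(part.strip())
                if m:
                    cur["counters"][m.group(2)] = int(m.group(1))
    return ifaces

def flag(ifaces):
    """List (nameif, counter, value, % of packets output) for non-zero watched counters."""
    hits = []
    for name, d in ifaces.items():
        sent = d["counters"].get("packets output", 0)
        for key in WATCH:
            val = d["counters"].get(key, 0)
            if val:
                hits.append((name, key, val, round(100.0 * val / sent, 2) if sent else None))
    return hits
```

Running it on successive captures and comparing the results shows which counters are still climbing and on which interface.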

8 Replies

pkapoor
Level 3
If you are not using static IP on the PIX outside, then it could be something with renewing the dynamic IP.

If you are doing DHCP on the outside interface, i.e. the PIX is a DHCP client, run the following debugs.

debug dhcpc packet

debug dhcpc detail

debug dhcpc error

If you are doing PPPoE, run the following debugs.

debug pppoe event | error | packet

event—Displays protocol event information

error—Displays error messages

packet—Displays packet information

Hope this helps.

Paras

Thanks, but I am not running DHCP or PPPoE.

CAT

I currently have the exact scenario for about 40 remote sites. All running DSL/501 to a 3005. What type of DSL router are you using? I would check the router to see if you have any errors on the interface. Also check your DSL error rates as well. You might have a line that is flapping.

HTH

Andy

The DSL provider has run several tests on the line and said that it is clean. I am less than 2000 feet from the DSL POP. The DSL modem is a SpeedStream 5260, and there is no other device between it and the PIX.

Do you have access to the SpeedStream? Are there any errors that it's taking? It's a long shot, but have you replaced the 501 with another 501? What version of code on the 501 are you running at?

Resurrection of an old thread, I know... but I'm having the exact same problem across 8 sites, except the 501's are coming back into a 515. Some of the 501's are using DHCP, some are using statics through dedicated T-1 circuits. It seems to happen about once an hour when there's a lot of traffic going over the tunnel during the working day, and it happens a couple of times overnight. Any clues?

I have given up. I wrote a script to use with some telnet program (forgot the name right now) so that when it happens the interface Eth0 is shut and reloaded. It takes about 10 seconds. If it's not the ISP then it's the DSL modem.

Open a case with TAC. That's what I'm going to do on Monday.