
VPN site to site with 2Mbit telco leased line connection

aessome
Level 1

Hello Guys

I configured a site-to-site VPN over a leased line and everything works fine.

Central: PIX 535

Branch office: Cisco 2620

The problem is that sometimes, when the branch is closed (nobody working) and the tunnel lifetime has expired, the admin at the central site behind the PIX is not able to ping or connect to any server in the branch office.

Can you tell me what to do to solve this?

Thanks

Alain

2 Replies

alexis.fidalgo
Level 1

- Check the ACLs that apply to the IPsec traffic (to see if they match at both ends).

- Start a debug on the 535 with the SA down (or shut it), then start the pings from the network behind the 535 and see whether the tunnel comes up or what error messages appear; do the same on the 2620.

(Related commands on the 535)

clear crypto isakmp sa

debug crypto ipsec

debug crypto isakmp

(Related commands on the 2620)

debug crypto ipsec

debug crypto isakmp

clear crypto sa

show crypto engine connections active

I think it could be a problem related to the peer declarations on the 535.

Do both ends have fixed IP addresses? I mean, no DHCP clients or dynamic maps?

Alexis

Hi Alexis,

Thanks for your help. I checked it, but the problem is that the tunnel sometimes goes down. I set the lifetime to 86400, but the tunnel still goes down. Maybe someone has experience with this.

See the show crypto isakmp sa output on the central firewall:

-------------------------------------------------------------------------------------

PTFW101# sh cry is sa 10:52

Total : 6

Embryonic : 0

dst src state pending created

213.70.26.36 139.4.136.122 QM_IDLE 0 3

213.70.26.36 146.188.38.30 QM_IDLE 0 5

213.70.26.36 139.4.134.58 QM_IDLE 0 6

213.70.26.36 139.4.136.118 QM_IDLE 0 11

213.70.26.36 212.75.32.25 QM_IDLE 0 2

213.70.26.36 139.4.139.74 QM_IDLE 0 2

PTFW101#

----------------------------------

PTFW101# sh cry isa sa 11:06

Total : 7

Embryonic : 0

dst src state pending created

213.70.26.36 139.4.136.122 QM_IDLE 0 4

213.70.26.36 146.188.38.30 QM_IDLE 0 5

213.70.26.36 139.4.134.58 QM_IDLE 0 7

213.70.26.36 139.4.136.118 QM_IDLE 0 13

213.70.26.36 212.75.32.25 QM_IDLE 0 2

213.70.26.36 212.75.32.25 QM_IDLE 0 0

213.70.26.36 139.4.139.74 QM_IDLE 0 2

PTFW101#

------------------------------------------------------

PTFW101# sh cry is sa 11:47

Total : 5

Embryonic : 0

dst src state pending created

213.70.26.36 139.4.136.122 QM_IDLE 0 5

213.70.26.36 139.4.134.58 QM_IDLE 0 1

213.70.26.36 139.4.136.118 QM_IDLE 0 14

213.70.26.36 212.75.32.25 QM_IDLE 0 2

213.70.26.36 139.4.139.74 QM_IDLE 0 3

PTFW101#

---------------------------------------------------------

PTFW101# sh cry isa sa 11:58

Total : 5

Embryonic : 0

dst src state pending created

213.70.26.36 139.4.136.122 QM_IDLE 0 5

213.70.26.36 146.188.38.30 QM_IDLE 0 1

213.70.26.36 139.4.134.58 QM_IDLE 0 1

213.70.26.36 212.75.32.25 QM_IDLE 0 3

213.70.26.36 139.4.139.74 QM_IDLE 0 3

PTFW101#

--------------------------------

PTFW101# sh cry is sa 12:03

Total : 6

Embryonic : 0

dst src state pending created

213.70.26.36 139.4.136.122 QM_IDLE 0 6

213.70.26.36 146.188.38.30 QM_IDLE 0 1

213.70.26.36 139.4.134.58 QM_IDLE 0 2

213.70.26.36 139.4.136.118 QM_IDLE 0 1

213.70.26.36 212.75.32.25 QM_IDLE 0 2

213.70.26.36 139.4.139.74 QM_IDLE 0 3

Thanks for any help

Alain
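
Snapshots like the ones posted above can be compared mechanically. The following Python sketch is an added example, not part of the original thread: it parses timestamped `show crypto isakmp sa` output and reports which peers lost or regained a phase 1 SA between snapshots. The sample text, the `FW` hostname and the addresses are constructed, and the rule for picking the peer column is an assumption.

```python
import re
from collections import Counter

# Constructed sample in the layout quoted in the thread (RFC 5737 addresses).
# The HH:MM after each command is a hand-typed label, as in the post.
SAMPLE = """\
FW# sh cry is sa 11:06
dst src state pending created
192.0.2.1 198.51.100.10 QM_IDLE 0 4
192.0.2.1 198.51.100.20 QM_IDLE 0 5
192.0.2.1 203.0.113.30 QM_IDLE 0 2
192.0.2.1 203.0.113.30 QM_IDLE 0 0
FW# sh cry isa sa 11:47
192.0.2.1 198.51.100.10 QM_IDLE 0 5
192.0.2.1 203.0.113.30 QM_IDLE 0 2
FW# sh cry is sa 11:58
192.0.2.1 198.51.100.10 QM_IDLE 0 5
192.0.2.1 198.51.100.20 QM_IDLE 0 1
192.0.2.1 203.0.113.30 QM_IDLE 0 3
"""
PROMPT = re.compile(r"^\S+#\s*sh\S*\s+cry\S*\s+isa?\S*\s+sa\s+(\d{1,2}:\d{2})$")
ROW = re.compile(r"^(\d+(?:\.\d+){3})\s+(\d+(?:\.\d+){3})\s+(\S+)\s+\d+\s+\d+$")

def parse_snapshots(text, local):
    """Return [(label, Counter{peer: ISAKMP SA count})], one per snapshot."""
    snaps = []
    for line in map(str.strip, text.splitlines()):
        if (m := PROMPT.match(line)):
            snaps.append((m.group(1), Counter()))
        elif (r := ROW.match(line)) and snaps:
            dst, src, _state = r.groups()
            # Assumption: the peer is whichever endpoint is not our own address.
            snaps[-1][1][src if dst == local else dst] += 1
    return snaps

def peer_changes(snaps):
    """Diff consecutive snapshots: (from, to, peer, 'gone' | 'new')."""
    events = []
    for (t0, a), (t1, b) in zip(snaps, snaps[1:]):
        events += [(t0, t1, p, "gone") for p in sorted(set(a) - set(b))]
        events += [(t0, t1, p, "new") for p in sorted(set(b) - set(a))]
    return events

if __name__ == "__main__":
    snaps = parse_snapshots(SAMPLE, local="192.0.2.1")
    for t0, t1, peer, what in peer_changes(snaps):
        print(f"{t0} -> {t1}: {peer} {what}")
    for label, sas in snaps:  # peers holding more than one SA are worth a look
        print(label, {p: n for p, n in sas.items() if n > 1})
```

A peer reported as "gone" and never "new" again is the one to run the ISAKMP and IPsec debugs against.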
