Cisco Support Community

New Member

L2L Tunnel dropping between Concentrator & Pix

L2L Tunnel dropping between Concentrator & Pix because of inactivity.

As soon as the peer starts pinging us, the tunnel comes back. The peer is using a PIX firewall.

For IKE phase one, we have set the lifetime to 86400 sec, and for phase 2 it is 28800.

3 REPLIES
Silver

Re: L2L Tunnel dropping between Concentrator & Pix

When there is inactivity it is expected for the tunnel to drop for security reasons. Try to increase the timeout value for both phases.

New Member

Re: L2L Tunnel dropping between Concentrator & Pix

I was having the same issue with an L2L VPN from an ASA5505 to a PIX515 using 7.X and 8.X software...

I was using the SAME ACL for my NONAT and my CRYPTO MAP... i.e. ACL 100

I found that creating a second ACL for my CRYPTO MAP, ACL 141, that was identical to my NONAT ACL 100, eliminated my syslog errors, and my inactivity drops stopped...

I added the new ACL for the crypto to both the PIX and the ASA, and then made sure to initiate the interesting traffic to start the IPsec tunnel so it would stay up in a productive state.

New Member

Re: L2L Tunnel dropping between Concentrator & Pix

I just remembered... yes, make sure the ACLs match on each end... I actually also disabled NAT-T as part of my changes...

If you provided a sample of your config I could compare...
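An added example, not part of any reply in this thread: a small Python audit for the two points raised in the replies above, a crypto map that reuses the NONAT ACL and crypto ACLs that do not match on each end. The configs, addresses and map name are constructed, and the parser assumes PIX/ASA 7.x/8.x-style `nat (if) 0 access-list` and `crypto map ... match address` lines with `network mask` ACL entries only.

```python
import re

# Constructed sample configs (not from the thread); all values are illustrative.
ASA_CFG = """\
access-list 100 extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
access-list 141 extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
nat (inside) 0 access-list 100
crypto map outside_map 10 match address 141
"""
PIX_CFG = """\
access-list 100 extended permit ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0
nat (inside) 0 access-list 100
crypto map outside_map 10 match address 100
"""

# Assumption: only "permit ip <net> <mask> <net> <mask>" entries are parsed
# ("any", object-groups and port matches are ignored by this sketch).
ACL_RE = re.compile(
    r"^access-list (\S+) (?:extended )?permit ip (\S+ \S+) (\S+ \S+)[ \t]*$", re.M)
NAT0_RE = re.compile(r"^nat \(\S+\) 0 access-list (\S+)", re.M)
CRYPTO_RE = re.compile(r"^crypto map \S+ \d+ match address (\S+)", re.M)

def parse(cfg):
    """Return (acl name -> {(src, dst)}, NAT-exempt ACL names, crypto ACL names)."""
    acls = {}
    for name, src, dst in ACL_RE.findall(cfg):
        acls.setdefault(name, set()).add((src, dst))
    return acls, set(NAT0_RE.findall(cfg)), set(CRYPTO_RE.findall(cfg))

def audit(local_cfg, peer_cfg):
    """List findings: shared NONAT/crypto ACLs and non-mirrored crypto ACLs."""
    findings = []
    l_acls, l_nat, l_crypto = parse(local_cfg)
    p_acls, p_nat, p_crypto = parse(peer_cfg)
    for side, nat, crypto in (("local", l_nat, l_crypto), ("peer", p_nat, p_crypto)):
        for name in sorted(nat & crypto):
            findings.append(f"{side}: ACL {name} is shared by nat 0 and crypto map")
    l_entries = set().union(*(l_acls.get(n, set()) for n in l_crypto))
    p_entries = set().union(*(p_acls.get(n, set()) for n in p_crypto))
    # Each local (src, dst) should appear on the peer as (dst, src).
    if l_entries != {(dst, src) for src, dst in p_entries}:
        findings.append("crypto ACLs are not mirror images of each other")
    return findings

if __name__ == "__main__":
    for finding in audit(ASA_CFG, PIX_CFG):
        print(finding)
```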
