I made a VPN site-to-site connection using a PIX515E on my side (not sure about the device on the other side). Today the VPN connection was down all day. However, I could ping the other site using the real IP using the firewall itself.
I had to clear the SAs of ISAKMP and IPsec in order to repair the problem (clear crypto isakmp SA and clear crypto ipsec SA). So I wonder, what could be wrong?
Both sites have similar config:
Diffie-Hellman Group 2
IKE keepalive: No
SA lifetime: 3600sec, 4608000 kByte
I thought the devices themselves should maintain the connection and refresh it on demand... However, it seems like they're not doing so. Anything I can do?
But isn't the connection supposed to be maintained by the firewall in some way? Maybe the problem is on the other side? Why should I delete the SAs? Is the problem in the first phase or the second phase? (from my config)