Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations bkrike on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

PIX VPN tunnel keeps dropping

Status
Not open for further replies.
cambo2k

cambo2k

MIS
Feb 7, 2001
111
CA
A Pix at a remote location keeps having the tunnel dropped.
I added 'isakmp keepalive 1800 60' to try and keep the tunnel open, however it keeps dropping. The ISP (Bell DSL) says that there is nothing wrong with the circuit. The only other device on the DSL is a fax machine and we have a filter on the line (I have actually tried a couple of the filters just in case).
Any ideas on how to keep the tunnel open would be appreciated.
 
Sort by date Sort by votes
Have you been able to determine a pattern for the timeout? Like every 60 minutes or so. One good way to stop timeoutes is to have a device poll the line. There are good free programs on downloads.com. You can search for network monitor. Or write a script to ping a device on the DSL end every 30 minutes or so. The other culpit could be the line. Did the ISP monitor for 24 hours? The DSL modem may have an uptime on its stats. If the line is crap at certain intervals the line could be dropping then.
 
Upvote 0 Downvote
Thanks! I am going to put a trace on the line for 24 hours and see if the line is the issue. I was sending interesting traffic over the tunnel the other day and the line dropped. DSL is the likely culprit (or a bad PIX).

 
Upvote 0 Downvote
I would gamble that it is the line. I have had the same issue where the run to the telco was longer than normal and had caused attenuation or DSL modem is crap. I would also find out if it is a shared DSL line. Meaning does the line run directly to the office or to a building that your office is in?
 
Upvote 0 Downvote
Thanks - I will mention that when i contact them! Likely is the DSL.
 
Upvote 0 Downvote
I second the DSL issue. VPNs are not very forgiving of lines droping bits here and there. But I will add that the SSL VPN is much more robust than the traditional IPsec VPNs. The SSL VPN I use off the 3020 stay up for hours even over wireless at the coffee house or when our folks are traveling to some less civilized areas of the world.

MikeS

Home of the book "Network Security Using Linux"
 
Upvote 0 Downvote
The ISP has determined that ethere are issues with the line and the synch rate of the DSL. They are sending a technician (maybe even some time soon!! :0 )
Looks like the DSL was in fact the issue with the synch rate being over the capacity of the line.
Thanks for all you help!
 
Upvote 0 Downvote
I am having a similar problem, but I have been told by the DSL provider that everything is ok. We had the DSL mode replaced and switched out the PIX already. When your vpn was dropping did you see carrier lost errors on the interface?

Bill

 
Upvote 0 Downvote
I ruled out the PIX as the issue since I have had it up and running at another location for a week with no interuptions. Good thought though! The issue resides with our Bell DSL.
Cam
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

intel233
  • Locked
  • Question
Cisco ASA - VPN Question
Replies
6
Views
836
intel233
intel233
ISDPCMAN
  • Locked
  • Question
RDP fails over VPN
Replies
1
Views
347
gkittelson
gkittelson
Shmid
  • Locked
  • Question
Restricting Sonicwall SSL-VPN users for WAN access
Replies
7
Views
993
Shmid
Shmid
WhosYourDiffie
  • Locked
  • Question
Cisco ASA 5506 VPN for Avaya Phones
Replies
0
Views
281
WhosYourDiffie
WhosYourDiffie
Russtoleum
  • Locked
  • Question
SW GVC won't route traffic through sonicwall to offsite tunnel unless it leases an ip on the same su
Replies
1
Views
282
Russtoleum
Russtoleum

Part and Inventory Search

Sponsor

Back
Top