Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1519
Views
0
Helpful
3
Replies

PIX Tunnel Lockup/Crash

kcmartin
Level 1
Level 1

‎03-19-2002 10:41 AM - edited ‎02-20-2020 10:00 PM

I have a PIX to PIX tunnel running from Head Office (515) to a branch office (520). I have second tunnel running from another branch office's router (1710) to the Head Office PIX. Most of the time, performance of these two tunnels is good/reliable. However, now and then, in the early morning hours, the tunnel stops passing packets to the branch offices. These outages (no ping response from branch office) can last for a few minutes, and then the tunnel returns to a functional state without intervention. The PIX is not down, only the tunnel.

I'm assuming the problem is with the Head Office PIX, as it's the termination point for both tunnels. We have WINS/DNS, the usual MS traffic, running across the tunnels all day without incident.

Does anyone have any ideas why this may be happening? I see nothing (traffic patterns, errors, etc...) in the Syslogs that indicate a problem prior to the lockups. Why do lockups occur only during periods of low traffic (early mornings/weekends)?

Thanks very much for your assistance.

0 Helpful
3 Replies 3

seggert
Level 1
Level 1

‎03-19-2002 11:21 AM

I ran across the same thing between a PIX and a 1700. If the tunnel was left up it would disconnect for no reason, stay dosconnected and then reconnect on its own. During the disconnection I could clear the ISAKMP SA and get it to work. The only resolution I got from TAC was to increase the lifetime. After that it seamed to go away...

0 Helpful

kcmartin
Level 1
Level 1
In response to seggert

‎03-19-2002 12:25 PM

Thanks for the response.

Unfortunately, the lifetimes on both the 1710 and the PIX are already set to 86400s (max).

0 Helpful

seggert
Level 1
Level 1
In response to kcmartin

‎03-19-2002 03:03 PM

Also, I was getting a "SPURIOS MEMORY ERROR" on the 1710 that was taking down the router. It was very infrequent and TAC had no real solution. I only saw it a few times during testing and never in production.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card