12-11-2006 03:01 PM - edited 03-11-2019 02:07 AM
Hello,
I just setup a VPN tunnel between 2 PIX's. But my PIX 501 drops the connection in about 10 minutes. What I noticed is that when I reload, I can ping outside ip addresses form the PIX and the tunnel is up. However, in 10 minutes the tunnel is down, I am not able to ping outside addreses anymore, but PC's behind the PIX still have full internet access. Any help will be greatly appreciated.
Thanks,
KDoshi
12-11-2006 03:23 PM
Hi ..
Check the configuration on both PIXes .. what are the value for the security association and isakmp policy lifetime ..? The below values shoudl be OK but make sure they are the same in both PIXes.
crypto ipsec security-association lifetime seconds 43200 (<- 12 hours)
isakmp policy 20 lifetime 86400 (<-24 Hours)
Also of course make sure that when the tunnel is down both PIXes still have Internet connectivity
I hope it helps .. please rate if it it does !!!
01-02-2007 03:58 PM
I had something like this happen.
Make sure your ISAKMP policies match. I had one site with the DH-Group 1 and the other one did not have any. This was causing my site without the DH1 to get disconnected.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide