EasyVPN PIX501->3000 Concentrator, tunnel dies when no traffic/idle

stormfidus · ‎04-12-2005

Hi all

I have the following setup:

PIX501 connected to VPN 3005 Concentrator by EasyVPN-network extension mode.

On the Concentrator, I have chcekd the user & group, and neither of them has idle-timeout & maximum connection time enabled, they are set to "0".

See attached pix config.

The problem:

When there is people at the remote site/traffic, where the PIX is located, everything works fine, as soon, as they leave work, some time after, there is no longer any connection. Thus the light on the PIX still indicates that the VPN tunnel is up, and on the Concentrator it also seemes connected, but its not.

ehirsel · ‎04-16-2005

What LED lights are you looking at on the pix and 3005 devices?

The next day when the users arrive at work, what has to happen for the vpn connection to get reestablished?

stormfidus · ‎04-16-2005

On the Pix501 it's the light that indicate if a VPN Tunnel is up. And on the 3005 Concentrator, I can see in the Web interface, that the session is listed under active sessions.

When users arrive next day, they have to turn the power off, on the Pix501 and turn it back on, to get the connection re-established.

deltaitdep · ‎04-18-2005

Hi,

I've had the same problem, however we did not implement EZVPN, we use a LAntoLAN setup between de PIX501 and VPNC3005.

Here's our solution:

On the VPNC side check the configuration on IKE PROPOSAL, see if it match with the PIX configuration:

IKE-3DES-MD5 instead of IKE-DES-MD5.

Hopely this will solve your problem.

Regards,

Phuong Banh

pbanh@delta.nl