Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
395
Views
4
Helpful
2
Replies

PIX 501

shoemakerjoel
Level 1
Level 1

‎08-11-2008 10:03 AM

I currently have a PIX 501 at a remote site and a site to site VPN to a ASA 5510. The remote site runs a POS software over the vpn that is located at HQ. The software will be running fine and the VPN drops and the application will freeze. The remote VPN is not able to intiate the vpn. We can RDP across teh VPN from HQ to remote and the VPN is reintiated and everything is good. This seems to be happening more and more and is becoming a large problem. Also, it seems if we do a constant ping from the remote side to the HQ server the VPN never causes a problem. Also, I have tried to disable keep alives on the ASA(HQ) side and this did not seem to help. Any help would be greatly appreciated.

Labels:
0 Helpful
2 Replies 2

acomiskey
Level 10
Level 10

‎08-11-2008 10:55 AM

You could run dead peer detection on both devices to keep the tunnel alive.

ASA

tunnel-group x.x.x.x ipsec-attributes

isakmp keepalive threshold 30 retry 2

PIX

isakmp keepalive 30 2

shoemakerjoel
Level 1
Level 1
In response to acomiskey

‎08-13-2008 10:05 AM

I actually having this same issue happen to two sites. I did the above on both and it seemed to fix one but not the other. Would you recommend to disable keep alives completely?

0 Helpful
Customers Also Viewed These Support Documents