Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
289
Views
0
Helpful
1
Replies

PIX 7 vpn connection l2l timeout settings

valconix
Level 1
Level 1

‎02-13-2006 06:09 PM - edited ‎02-21-2020 02:15 PM

Hey All,

I've got the following setup. A couple of remote PIX FWs connected via vpn to a Cisco router sitting behind a Checkpoint FW at the Head Site. The VPN tunnel (ipsec l2l) itself is always up and running, no issues there. The problems appears when we burn the Checkpoint Firewall rulebase, which can take 5-10mins. This somehow, always disconnects the VPN connection. (The only way to bring it back up is to jump to the remote PIX to initate interesting traffic) Now this only happens on PIX 7.x FWs. Remote FWs running 6.3(x) doesn't have this issues. I've checked all ike/ipsec sa timeouts etc. and everything is exactly the same on the PIX and Cisco Router. I've play around with the isakmp keepalive threshold timeouts etc. event disabled it. But Still having the same problem. Anyone come across this before? or know a workaround/fix?

Thanks.

Labels:
0 Helpful
1 Reply 1

smahbub
Level 6
Level 6

‎02-17-2006 12:27 PM

This document describes how to configure LAN-to-LAN sessions between PIX Security Appliances, and also allows for a VPN Client to access the spoke network (PIX3) through the hub (PIX1). In addition, this document demonstrates the configuration for a static LAN-to-LAN tunnel with VPN Client to spoke connectivity through the hub PIX Security Appliance. PIX version 7.0 improves support for spoke-to-spoke VPN communications. PIX 7.0 provides the ability for encrypted traffic to enter and leave the same interface.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008046f307.shtml

0 Helpful
Customers Also Viewed These Support Documents