RE: [fw-wiz] VPN Tunnel Stalling

From: James Grayson (James.Grayson_at_energis.com)
Date: 02/24/05

  • Next message: Paul D. Robertson: "Re: [fw-wiz] Username password VS hardware token plus PIN"
    To: <firewall-wizards@honor.icsalabs.com>
    Date: Thu, 24 Feb 2005 10:55:27 -0000
    
    

    That is exactly my problem, 3.6.5 concentrator to 6.3 PIX. Once a day
    the tunnel stalls, logging it out and in fixes it. I will see about
    getting the IOS upgraded.

    Thanks!

    James.

    -----Original Message-----
    From: firewall-wizards-admin@honor.icsalabs.com
    [mailto:firewall-wizards-admin@honor.icsalabs.com] On Behalf Of Paul
    Melson
    Sent: 14 February 2005 14:43
    To: firewall-wizards@honor.icsalabs.com
    Subject: RE: [fw-wiz] VPN Tunnel Stalling

    What version of the VPN 3000 software is running on your concentrator,
    and
    what type and rev. is the remote endpoint?

    I saw a similar issue in the wild a couple years back with a 3015
    running
    one of the 3.x releases (afraid I can't be more specific - it was too
    long
    ago) and a PIX running 6.2 where after about 24 hours (perhaps not
    coincidentally the key exchange lifetime), the tunnel would go quiet.
    Administratively disconnecting the tunnel at either end and then passing
    matching traffic would bring the tunnel back up, as would restarting
    either
    device. The resolution was to upgrade the 3015's software.

    PaulM

    -----Original Message-----
    Subject: [fw-wiz] VPN Tunnel Stalling

    FW gurus,

    I'm having a particular problem with a site-to-site tunnel on a Cisco
    VPN
    Concentrator 3005 (Running 3.6.5). There are a number of other tunnels
    that
    work without issue, but one in particular stalls at least once a day and
    traffic stops (although the tunnel remains up). Forcing the session to
    log
    out and letting it come back up results in traffic being able to pass
    again.

    Any thoughts on a possible cause?

    Cheers,

    /j

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

    At Energis we want our customers to succeed. That's why we really welcome
    your views on how we can improve our performance. If you have any comments,
    good or bad, please let us know by following this link to our feedback form:
    http://www.energis.com/Internet/pages/contacts/feedback.aspx?section=feedback

    ********************************************************
    This e-mail is sent by Energis Communications Limited and its contents
    are confidential and may be legally privileged.
    ********************************************************
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  • Next message: Paul D. Robertson: "Re: [fw-wiz] Username password VS hardware token plus PIN"