Solved

Cisco PIX to Cisco VPN drops connection periodically

Posted on 2004-09-02
6
620 Views
Last Modified: 2011-04-14
I have a Cisco Pix 506e connecting via a T1 line to a Cisco Device on the other end. I'm not exactly sure of the device on the other end, but it does handle multiple VPNs without the others having problems.

Currently to fix it we turn it off then on and it and it resolves the problem.

I'm looking to determine the cause. What commands are available on the PIX to try to diagnose the problem? Are there any third party tools available to help?

Thanks,
Ron
0
Comment
Question by:youritstaff
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 11

Assisted Solution

by:billwharton
billwharton earned 100 total points
ID: 11963222
No third party tools i have come across.

You could use these commands which show you the state of your connection and the debug commands show you live output for your vpn tunnels.
show crypto ipsec sa
show crypto isakmp sa

debug crypto ipsec
debug crypto isakmp
0
 

Author Comment

by:youritstaff
ID: 11963884
Thank you for your post. I've used those command initially to debug the initial connectivity. I didn't think they'll help me in this instance. Is there anyway to write the output to a log file so that I can go through the info after an outage.

Also, is there any way to check for memory leaks?

Thanks again.
0
 
LVL 36

Assisted Solution

by:grblades
grblades earned 100 total points
ID: 11964280
Hi youritstaff,
Check to see what IOS version the remote device is running and see if you can get an upgrade. This might be free if the problem you are experiencing is a known problem.

Also check the key lifetimes are set to identical values at both ends.
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 1

Accepted Solution

by:
clkemp earned 200 total points
ID: 11966155
How often does it drop? Weekly? Daily? Hourly?  Can you post the crypto section from the pix with passwords and ip's changed?  If you have the same info from the host end, please post it too.  More information will help diagnose the problem.

You can send system messages to a syslog server.  Pick up a syslog server for windows from Kiwi software (www.kiwisyslog.com).  Setup your pix to send all messages to the syslog server.

logging on
logging host server_ip_address
logging facility 20
logging trap informational
0
 
LVL 1

Assisted Solution

by:tevens
tevens earned 100 total points
ID: 11973634
Most likely the reason why you can re-establish the connection on reboot is because one side adjusts to match your config during establishment.  Verify that both ISAKMP and IPSEC proposals match on both sides.  Make sure that both sides select the correct proposal first.  Sometimes the problem lies with having the proposal order the same on both sides.

--Tim
0
 

Author Comment

by:youritstaff
ID: 12373882
Thank you everyone for your help. It turned out to be the linksys switch between the cisco router and switch. I distributed the points as they all helped in one way or another.
0

Featured Post

Schedule a Tour of the ATEN booth at InfoComm 2017

Tour the ATEN booth to see the the Latest Addition to the Modular Matrix Switch Series, New 4K HDMI Over IP Extender and more! Enter ATEN's Ultimate Giveaway Sweepstakes for a chance to win one of several great prizes, including an ATEN US7220 2-Port Thunderbolt 2 Sharing Switch!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question