<div>
Client is claming it drops but whats the best way to tell for sure? Exactly what command can show the current status of the tunnel (how long its been up, when it came down, why it came down?). I have logging set to debug (if that helps).
</div>


Client is claming it drops but whats the best way to tell for sure? Exactly what command can show the current status of the tunnel (how long its been up, when it came down, why it came down?). I have logging set to debug (if that helps).

<div>
&gt; &nbsp;I have logging set to debug (if that helps).<br />
<br />
Thats good for temporary logging, I would not leave it at this level, change it to informational.<br />
<br />
&gt;Exactly what command can show the current status of the tunnel (how long its been up)<br />
<br />
<br />
<br />
show crypto ipsec sa<br />
show crypto isakamp sa<br />
<br />
Two great commands, you can view packets encapsulated and decapsulated to verify tunnel is running fine.<br />
It also displays the current security association with the peer address.<br />
<br />
<br />
harbor235
</div>


>  I have logging set to debug (if that helps).

Thats good for temporary logging, I would not leave it at this level, change it to informational.

>Exactly what command can show the current status of the tunnel (how long its been up)



show crypto ipsec sa
show crypto isakamp sa

Two great commands, you can view packets encapsulated and decapsulated to verify tunnel is running fine.
It also displays the current security association with the peer address.


harbor235

<div>
<div class="content wysiwyg-content">
Doe the IKE/IPsec VPN on a PIX site-site have an idle timout setting? I see what looks to be 3 timers, IKE SA lifetime, IPSec SA lifetime, and TIMEOUT CONN on the Pix 506. What is the resultant timeout value that would / could cause a tunnel to come down during idle times? Users are telneting over this tunnel and it looks like during idle times the tunnel is shutting down.<br />
<br />
Any ideas? Thanks in advance for your help.<br />
<br />

</div>
</div>


Doe the IKE/IPsec VPN on a PIX site-site have an idle timout setting? I see what looks to be 3 timers, IKE SA lifetime, IPSec SA lifetime, and TIMEOUT CONN on the Pix 506. What is the resultant timeout value that would / could cause a tunnel to come down during idle times? Users are telneting over this tunnel and it looks like during idle times the tunnel is shutting down.

Any ideas? Thanks in advance for your help.



IKE/IPSec tunnel is coming down - idle timeout?

A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or travelling users access to a central organizational network securely. VPNs encapsulate data transfers using secure cryptographic methods and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.