
Cisco VPN


Niltinho

Technical User
Dec 6, 2002
Hi guys,

Currently I have about 30 clients connected via 837 (ADSL)/831 (eth) VPNs to a PIX 6.3 (my side). The problem I am having is that sometimes the tunnel does not come up. I telnet to the public int of the router and reload the router, and once it is back the tunnel is OK. It is very intermittent, and the bad news is that the traffic is actually initiated (interesting traffic) at the PIX.
Has anyone had a similar problem and a solution for it? It is driving me nuts. It happens to about 3 clients (always the same ones), around once a week.

P.S. Tearing down the tunnel at the PIX or router and sending interesting traffic anyway does not fix it, only reloading the router.

Thanks

Niltinho
BEng,CCNA,MCSA,CNA
 
Could it be that for whatever reason the PIX is leaving the crypto ID active even though it is not, and then when that user tries to get in they cannot because a tunnel already exists? Have you tried deleting the crypto SA# and then seeing if they can get in again before reloading? Might be the problem of an IOS bug. Do you have the latest General Deployment image loaded?
 
Joamon,

Thanks for your response. I am running 6.3(3) on the PIX; some people strongly advised me to go for 6.3(5) if I don't want to go for 7.0 yet.
On the routers it varies quite a lot.
When you say delete the SA#, do you mean a "clear crypto ipsec sa" command?

cheers

Niltinho
BEng,CCNA,MCSA,CNA
 