PIX / Sonicwall connection

Status
Not open for further replies.

donchr

MIS
Oct 23, 2002
6
US
Hello

We've established a PIX to Sonicwall connection that has been working for months but we have this problem: It keeps timing out!
Either the time expires or the Sonicwall side is reloaded and they (Sonicwall) can't reestablish the tunnel. The PIX (me) has to ping their network to reestablish the tunnel.

My solution: A script that pings their network - it works but...

Correct solution: ?????????

I have [isakmp policy 20 lifetime 86400]

Thanks for your thoughts!
 
Hi.

Does the VPN time out while you pass traffic, or when idle?

I don't know much about Sonicwall, but I suggest that you check that the access-list bound to the crypto map on the PIX side matches (mirrors) the related rule on the Sonicwall side.

It seems to me like a misconfiguration at the Sonicwall side - this is my assumption.

Check also all the IPSec timeouts, here is a document that may help you, even if you have a different system:

Bye
Yizhar Hurwitz
 
Be warned that in my experience the Sonicwall VPN code is buggy at best. We just pulled 5 of the TELE3s out of service and replaced them with PIX 501s due to the fact that changing the VPN config would at random times wipe the entire config of the Sonicwall. Not to mention the IP leaks we found when using NAT on the DMZ port.

Just my experience, and your mileage will vary.

MikeS
Find me at
"Take advantage of the enemy's unreadiness, make your way by unexpected routes, and attack unguarded spots."
Sun Tzu
 
Hello. I have the same issue, with the same symptoms. Is it safe to say that the PIX config is correct if traffic originating from the PIX brings up the tunnel? I am unfamiliar with the corresponding settings on the SonicWall that are equivalent to the nonat list and the called ACL in the crypto map on a PIX, but suspect that either this or the lifetime timeout is the culprit. I have set both the IPsec and the ISAKMP SA to 28800, but still no luck. Any further comment/guidance?
 