VPN Tunnel between Cisco 2611 and Intel Firewall

[gturrubi]

I have a problem where one of our vendors has a VPN tunnel setup for them to receive FTP files from us over a secure VPN tunnel. On our side we have a Cisco 2611 and on their side they have an older Intel Firewall? We changed ISP's so our external IP range changed and they had to change their external addresses per say. One thing that happened when trouble shooting was that they changed their crypto key and then we had to change ours, now the tunnel shuts down every 4 hours. We then have to shut the E0/0 interface pointing to them and then bring it back up and all if fine.

I cleared the SA's and isakmp but the problem still exists. Any Ideas, I need to fix this quickly.

Thanks

 

[computerhighguy]

Your timeouts on either phase 1 or phase 2 of the tunnel are different. This is a common problem. Recheck that the parameters are the same. By default, I believe phase 1 is 86400 and phase 2 is also 86400. Remember that your isakmp timeout is phase 1 and the ipsec timeout is phase 2.

If you do a sh crypto isakmp you will see the phase 1 status. You want that to be QM_IDLE.

Hope this helps