From: Michael Richardson (mcr_at_sandelman.ottawa.on.ca)
Date: Mon Oct 28 2002 - 15:29:50 CET
>>>>> "m" == m <Fredrik> writes:
m> We have a tunnel from:
m> Linux FreeS/WAN 1.98b
m> Linux version 2.4.9-34custom (root_at_jen) (gcc version 2.96 20000731 (Red
m> Hat Linux 7.1 2.96-98)) #1 Fri Aug 9 16:55:58 CEST 2002
m> to
m> Cisco pix 515
m> it works perfectly most of the time. But sometimes the other end
m> (the cisco people) claims that the tunnel is down. If I execute
m> ipsec auto --down tunnel
m> ipsec auto --up tunnel
m> it starts to work again. And sometimes it starts to work again
m> by itself.
The cisco PIX has some keepalive options. See if they are on, and have the
PIX turn it off.
Do a tcpdump of udp port 500. You'll probably see occasional ISAKMP messages.
It would start again when pluto decides to rekey the ISAKMP SA, which is
every hour by default.
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr_at_sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.5 : Tue Oct 29 2002 - 05:20:31 CET