Well..well..well.. in a way I feel like idiot.. but in another it was a very much a learning experience.
After checking over everything and recreating the 800mS to 2 second delays, I found the problem. When I first set up the lab, I spent some time working with the debugs for ipsec, isakmp and icmp. I was bouncing between PIXs looking at the results and working out the configs. Apparently, on the 520 PIX, I left a debug process running or it hung there on it's own from one of the times the ssh window timed out. I would have thought it would have died on its own but..then again maybe not. I had to reboot the 520 but that clear the problem and pings went to an expected 2mS response time. I had not rebooted the 520 since I was trying to replicate using a production PIX. I'm starting to think that when working with VPNs and the like, a reboot is a useful thing to do. Yes? no? Thanks again for the comments.. as it turns out I learned things from the comments and my own struggles. Sometimes it's best this way :) MikeS Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61261&t=60981 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
