Re: RE: Cisco 3005 VPN concentrator issues. [7:57495]
What is the limitation of a PIX with a VPN Accerator card? > > From: "lounelson" > Date: 2002/11/21 Thu PM 08:59:22 EST > To: [EMAIL PROTECTED] > Subject: RE: Cisco 3005 VPN concentrator issues. [7:57495] > > I note you said 200 users > The 3005 is limited to 100 simultaneous user > > http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/prod_models_compar > ison.html > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of > Umar Ahmed > Sent: Friday, November 15, 2002 3:00 AM > To: [EMAIL PROTECTED] > Subject: Cisco 3005 VPN concentrator issues. [7:57495] > > Hi all, > > Ive got a customer who has a 3005 concentrator connected to our network. > He > has setup a vpn connection which he accesses from home over the public > internet. The problem he and the other 200 users are having is that they > are > loosing connectivity to the box intermittently throughtout the day. When > he > has loss of service, I can ping the vpn box directly connected to my > network, whats even more strange, is that I can ping other customer > hosts on > the same subnet . Any ideas ?? > > Regards, > > Umar. Greg Owens 202-398-2552 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=57888&t=57495 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco 3005 VPN concentrator issues. [7:57495]
I note you said 200 users The 3005 is limited to 100 simultaneous user http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/prod_models_compar ison.html -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Umar Ahmed Sent: Friday, November 15, 2002 3:00 AM To: [EMAIL PROTECTED] Subject: Cisco 3005 VPN concentrator issues. [7:57495] Hi all, Ive got a customer who has a 3005 concentrator connected to our network. He has setup a vpn connection which he accesses from home over the public internet. The problem he and the other 200 users are having is that they are loosing connectivity to the box intermittently throughtout the day. When he has loss of service, I can ping the vpn box directly connected to my network, whats even more strange, is that I can ping other customer hosts on the same subnet . Any ideas ?? Regards, Umar. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=57864&t=57495 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco 3005 VPN concentrator issues. [7:57495]
I have 2 concentrators setup in load balancing function and we had the same issue but ours was not resolved by split tunneling. We had to flash both concentrators and this problem went away , there was a bug on bug track which cisco informed me off at the time I was working on this. Before enabling split tunneling I would I would flash my concentrators first if there is no need for split tunneling. -Original Message- From: John Brandis [mailto:[EMAIL PROTECTED]] Sent: Monday, November 18, 2002 3:50 PM To: [EMAIL PROTECTED] Subject: RE: Cisco 3005 VPN concentrator issues. [7:57495] I had the similar type of problem, remote users (broadband) would lose connectivity and get the remote peer not respondin, your ipsec session has been termintated error. The problem that I had, was with the broadband ISP, in this case Telstra. Telstra use a bpa hart beat packet, just so Telstra knows that the dsl customer is still there. Should telstra not get this packet, they drop the dsl connection, thus terminating your vpn session. Also, you may want to check your session time-out variable. I resolved my error by splitting the networks, as previously I had tunnel everything. john -Original Message- From: Umar Ahmed [mailto:[EMAIL PROTECTED]] Sent: Friday, 15 November 2002 8:00 PM To: [EMAIL PROTECTED] Subject: Cisco 3005 VPN concentrator issues. [7:57495] Hi all, Ive got a customer who has a 3005 concentrator connected to our network. He has setup a vpn connection which he accesses from home over the public internet. The problem he and the other 200 users are having is that they are loosing connectivity to the box intermittently throughtout the day. When he has loss of service, I can ping the vpn box directly connected to my network, whats even more strange, is that I can ping other customer hosts on the same subnet . Any ideas ?? Regards, Umar. ** visit http://www.solution6.com UK Customers - http://www.solution6.co.uk ** The Solution 6 Head Office and Branch in Sydney is moving premises. >From Monday 25th November our Head Office and NSW Branch will be located at: Level 14, 383 Kent Street, Sydney NSW 2000. General Phone: 61 2 9278 0666 General Fax: 61 2 9278 0555 ** This email message (and attachments) may contain information that is confidential to Solution 6. If you are not the intended recipient you cannot use, distribute or copy the message or attachments. In such a case, please notify the sender by return email immediately and erase all copies of the message and attachments. Opinions, conclusions and other information in this message and attachments that do not relate to the official business of Solution 6 are neither given nor endorsed by it. * Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=57646&t=57495 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco 3005 VPN concentrator issues. [7:57495]
I would enable split tunneling for the networks you need and set the concentrator logs up to see what is going on. I have pasted a little dialogue below on what logs to turn on. You can probably get a good idea of what is going on from this. In the concentrator we go to Configuration -> System -> Events -> Classes. Delete any classes in there right now. Click on add and under class name find IKE, on the severity to log select 1-9. Do the same for IKEDBG. Now find IKEDecode in the list and and select 1-13 on severity to log. Now you select IPSEC and put it at 1-9. Do the same with IPSECDBG. Select IPSECDECODE and put it at 1-13. Now that you have those 6 classes added we will see in more detail what is going on. Thanks, Robert Raver Cisco Systems Inc. - Original Message - From: "John Brandis" To: Sent: Monday, November 18, 2002 1:50 PM Subject: RE: Cisco 3005 VPN concentrator issues. [7:57495] > I had the similar type of problem, remote users (broadband) would lose > connectivity and get the remote peer not respondin, your ipsec session has > been termintated error. The problem that I had, was with the broadband ISP, > in this case Telstra. Telstra use a bpa hart beat packet, just so Telstra > knows that the dsl customer is still there. Should telstra not get this > packet, they drop the dsl connection, thus terminating your vpn session. > Also, you may want to check your session time-out variable. > > I resolved my error by splitting the networks, as previously I had tunnel > everything. > > john > > -Original Message- > From: Umar Ahmed [mailto:[EMAIL PROTECTED]] > Sent: Friday, 15 November 2002 8:00 PM > To: [EMAIL PROTECTED] > Subject: Cisco 3005 VPN concentrator issues. [7:57495] > > > Hi all, > > Ive got a customer who has a 3005 concentrator connected to our network. He > has setup a vpn connection which he accesses from home over the public > internet. The problem he and the other 200 users are having is that they are > loosing connectivity to the box intermittently throughtout the day. When he > has loss of service, I can ping the vpn box directly connected to my > network, whats even more strange, is that I can ping other customer hosts on > the same subnet . Any ideas ?? > > Regards, > > Umar. > ** > > visit http://www.solution6.com > > UK Customers - http://www.solution6.co.uk > > ** > > The Solution 6 Head Office and Branch in Sydney is moving premises. > > >From Monday 25th November our Head Office and NSW Branch will be located at: > > Level 14, 383 Kent Street, Sydney NSW 2000. > > General Phone: 61 2 9278 0666 > > General Fax: 61 2 9278 0555 > > ** > > This email message (and attachments) may contain information that is > confidential to Solution 6. If you are not the intended recipient you cannot > use, distribute or copy the message or attachments. In such a case, please > notify the sender by return email immediately and erase all copies of the > message and attachments. Opinions, conclusions and other information in > this message and attachments that do not relate to the official business of > Solution 6 are neither given nor endorsed by it. > > * Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=57645&t=57495 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco 3005 VPN concentrator issues. [7:57495]
I had the similar type of problem, remote users (broadband) would lose connectivity and get the remote peer not respondin, your ipsec session has been termintated error. The problem that I had, was with the broadband ISP, in this case Telstra. Telstra use a bpa hart beat packet, just so Telstra knows that the dsl customer is still there. Should telstra not get this packet, they drop the dsl connection, thus terminating your vpn session. Also, you may want to check your session time-out variable. I resolved my error by splitting the networks, as previously I had tunnel everything. john -Original Message- From: Umar Ahmed [mailto:[EMAIL PROTECTED]] Sent: Friday, 15 November 2002 8:00 PM To: [EMAIL PROTECTED] Subject: Cisco 3005 VPN concentrator issues. [7:57495] Hi all, Ive got a customer who has a 3005 concentrator connected to our network. He has setup a vpn connection which he accesses from home over the public internet. The problem he and the other 200 users are having is that they are loosing connectivity to the box intermittently throughtout the day. When he has loss of service, I can ping the vpn box directly connected to my network, whats even more strange, is that I can ping other customer hosts on the same subnet . Any ideas ?? Regards, Umar. ** visit http://www.solution6.com UK Customers - http://www.solution6.co.uk ** The Solution 6 Head Office and Branch in Sydney is moving premises. >From Monday 25th November our Head Office and NSW Branch will be located at: Level 14, 383 Kent Street, Sydney NSW 2000. General Phone: 61 2 9278 0666 General Fax: 61 2 9278 0555 ** This email message (and attachments) may contain information that is confidential to Solution 6. If you are not the intended recipient you cannot use, distribute or copy the message or attachments. In such a case, please notify the sender by return email immediately and erase all copies of the message and attachments. Opinions, conclusions and other information in this message and attachments that do not relate to the official business of Solution 6 are neither given nor endorsed by it. * Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=57634&t=57495 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
