Make sure that timeouts/sa lifetime for phase 1 and phase 2 are identical. Possibly Sonic firewall sa reaches its lifetime, but it's not notifying VPN 3000 that it's bringing the tunnel down. So when Sonic tries to re-negotiate a new sa, VPN 3000 ignores that request as it still has the old valid sa.
-- Lidiya White -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Joseph Carr Sent: Monday, April 01, 2002 12:00 PM To: [EMAIL PROTECTED] Subject: VPN issues [7:40064] Well, I am having some trouble with VPN sessions getting disconnected. I have a Cisco VPN 3005 at the main office that sits in the DMZ zone of a Cisco PIX-515-R and at the remote end I have a Sonicwall ProVX that VPNs into the VPN concentrator. We are using IPSec Lan-to-Lan IKE-3DES-MD5 for the tunnel and have no trouble establishing a connection. But after a few day the Sonicwall disconnects from the VPN and the only way to get it to reconnect is to logout the session on the VPN concentrator. Also the syslog output from the concentrator says key exchange is failing and on the log for the Sonicwall it indicates that it is not getting a response from the remote end. What can I do to prevent this from happening? Thanks, Joe Carr MCDBA, CCDA, CCNP, CCIE (written) Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=40116&t=40064 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]