I'm trying to get a m0n0wall to establish IPsec 3DES VPN tunnels to 3 PIX firewalls.
I can get them to come up and pass traffic, but after a while they go down, sometimes after 15 to 30 minutes, sometimes hours later. The only way to get them to come back up is to clear the tunnels either on the m0n0 or the PIX.
I thought that maybe with 3 concurrent connections I might be overtaxing the m0n0wall, but this happens even with only one tunnel up.
On the PIX, a "sh crypto isa sa" shows the tunnel state to be 'MM_NO_STATE'.
Does anyone know what may be causing this?

pix config:
access-list 90 permit ip 172.16.8.0 255.255.255.0 172.16.4.0 255.255.255.0
access-list nonat permit ip 172.16.8.0 255.255.255.0 172.16.4.0 255.255.255.0
nat (inside) 0 access-list nonat
sysopt connection permit-ipsec
crypto ipsec transform-set strong-des esp-3des esp-md5-hmac
crypto dynamic-map dynmap 20 set transform-set strong-des
crypto map statmap 10 ipsec-isakmp
crypto map statmap 10 match address 90
crypto map statmap 10 set peer x.x.x.x
crypto map statmap 10 set transform-set strong-des
crypto map statmap 20 ipsec-isakmp dynamic dynmap
crypto map statmap interface outside
isakmp enable outside
isakmp key ******** address x.x.x.x netmask 255.255.255.255
isakmp identity address
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400

m0n0 config:
Phase 1
Negotiation aggressive
identifier - my ip address
Enc Alg - 3DES
Hash Alg - md5
dh key group 2
lifetime 86400
authen - psk

Phase 2
Protocol - ESP
Enc Alg - 3DES only
Hash Alg - MD5
pfs key group 2
lifetime 86400