 From:  Chris Buechler <cbuechler at gmail dot com>
 To:  m0n0wall dash dev at lists dot m0n0 dot ch
 Subject:  1.2b1 IPsec SA issues
 Date:  Thu, 30 Sep 2004 02:11:06 -0400
Well, new issues with my PIX <-> m0n0wall VPN.  I'm pretty sure this
time it's because of the byte limit imposed by the PIX.  If I'm
transferring heavily over the connection, it'll drop after a while.
No duplicate SAs exist on the m0n0wall side this time.  The log
messages on the PIX side are the same as before.

The byte limit is 50,000 KB, though it doesn't drop until I transfer
200-400 MB or so within roughly 2-3 hours.  It'll eventually come back
after a few hours if I'm not able to get into the m0n0wall to delete
the SAs, when before it would not come back under any circumstances
without deleting the SAs.

Since it's likely the byte limit imposed by the PIX, how would you
recommend resolving this?  Up the PIX byte limit to something really
high, or lower the lifetime maybe?  Not sure what the best course of
action would be here.

Thanks for all the help on this.