What are you using for phase 1 and phase 2 times on either side? Are
they the same on both ends?

Regards,
Josh Simoneau


-----Original Message-----
From: Cameron Showalter [mailto:cameron at gwschool dot com] 
Sent: Wednesday, June 15, 2005 2:50 PM
To: m0n0wall at lists dot m0n0 dot ch
Subject: [m0n0wall] vpn tunnel dropping

Hello,
I have 8 tunnels working, with data flowing very nicely.   except for 
this one tunnel that i continue having issues with.   it happens to be 
my only tunnel that required an extra static route to properly 
connect.   the live ip for that endpoint is a dsl modem, then behind the

dsl modem is my symantec fw/vpn applicance model 100.  the symantec box 
has a wan IP of 192.168.254.2.     so on my end I have a static route 
set in m0n0 as:
LAN 	192.168.254.0/24 	66.60.133.##


which works mostly, but every five minutes I recieve emails from
'node-runner' my nms stating that the connection is down.  once I ping
the private IP 99% of the time,  it comes back.  I've had them power
cycle the symantec box twice because I couldnt even ping the
66.60.133.xx IP. 

I've resorted to a crontab entry the sends out 10 pings on the remote
side to a local IP every five minutes and that seems to help, but not
completely  resolve the problem.