 From:  Shaun Sutterfield <shaun at prointegrations dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  1.3b2 - broken IPSec tunnels to Cisco PIX
 Date:  Wed, 27 Dec 2006 19:52:24 -0800
I have 6 IPSec tunnels continuously running from my office to client 
sites.  Two of them are to Cisco PIX's.  No problems in the past, but 
was eager to offer some testing of 1.3b2, so I installed it yesterday 
afternoon.

Well, since then, the two tunnels that go to PIX's have been acting up.
Three times, they just stopped passing traffic for a few hours (caused
Nagios, which runs in my office, to think the client sites were down).

I downgraded a few hours ago back to 1.22 and everything is fine again.

Sorry, I did not have a chance to gather any debug information--but, I'm 
willing to run the experiment again in a few days if you can tell me any 
specifics on what information you would like.

(for what it's worth, the upgrade & downgrade went very smoothly :-)

Generic PC image (using a CF card)
VPN tunnels UNAFFECTED are all using blowfish-cbc for the encryption 
(going to M0n0walls I've set up at my client sites that are all running 1.22).
The two tunnels affected were using 3des-cbc, connecting to Cisco PIX's 
(sorry, don't know specifics on the config on the PIX's themselves, as I 
don't personally have access to them).

Again, I would love to contribute some helpful information--outline what 
you'd like.

- Shaun