I have version 1.231 running on a 600MHz PC with
4 IPsec tunnels: two to other m0n0walls and one to
a Cisco 3030 and one to a Cisco ASA. The first three
tunnels have been working perfectly for about a year.
The tunnel to the Cisco ASA however is new and is
giving me the following problem:
Racoon establishes the SA and opens the tunnel to
the Cisco ASA without any problems. The tunnel
will remain operable, timing out and establishing
new SAs without trouble. But if heavy traffic
is pushed through it, after about 50 to 200 MB, the
tunnel eventually closes up.
Once the tunnel closes I can't get it to reopen.
Attempts to ping through the tunnel are recorded on
the firewall logs but there is no response from racoon.
If I delete the SA for the tunnel and then ping through
it, racoon responds with:
racoon: INFO: initiate new phase 2 negotiation: 172.16.6.1<=>184.108.40.206
racoon: ERROR: 220.127.116.11 give up to get IPsec-SA due to time up to wait.
The only way to get the tunnel working again is to disable and enable IPsec
or just reboot m0n0Wall entirely.
Has anybody experienced a problem like this? Is there a
system dump command that I should use to glean more detailed
information when the tunnel has closed up?
I have plenty of log information if anybody is interested.
Thanks for looking at this posting,