Telnet over Site to Site IPsec

I'm trying to troubleshoot a configuration that I inherited and I'm not sure where to start.

We have a retail client with three stores, each with a PIX 501 connected via site-to-site IPsec tunnels to an ASA 5520 at a central location. Workstations at each store telnet to a Linux server at the central location.

For the past couple of weeks, the telnet connections at the store have been intermittently disconnecting. It seems to be happening maybe 3-4 times a day overall.

I don't see any errors in the firewall logs or interfaces, or on the network interface of the Linux server.

Any ideas on how I should troubleshoot this issue?

Thanks in advance! -- Vince

Vince Kimball

Do you have some configs we can see?

NedNobody

When the connection from Linux disconnects, does IPsec also disconnect from the peer?

CK

How many workstations at each store?

The PIX 501 by default only has a 10-user license, so it will not support more than 10 sessions.

Merv

No, the IPsec doesn't disconnect. Other telnet sessions from the same location aren't dropped, just one.

Vince Kimball

Two of the stores have PIXes with 50 user licenses. Those stores have between 5 and 10 workstations.

One store only has 2 workstations so they have a 10 user license.

It doesn't seem to be a user license issue, as the dropped user can immediately reconnect.

Vince Kimball

Assuming it is not an IPSEC issue, then I would put a sniffer (PC with Ethereal) and capture the Telnet sessions to the Linux server.

When an incident occurs is it all of the workstations in a store that disconnect or just some?

Are all stores affected at the same time?

Assuming it is not an IPSEC issue, then I would connect a sniffer (PC with Ethereal) on the same LAN as the Linux server and capture the Telnet sessions to the Linux server. Look for TCP resets and the like.

Merv
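
The check suggested in the post above, as an added example that is not part of the original thread: it reads a capture saved in classic libpcap format and reports, for each Telnet client, whether the first RST or FIN came from the client or the server side. The function names and the addresses in the sample capture are constructed for illustration.

```python
import struct

TELNET_PORT, OPEN = 23, "no RST/FIN seen"

def telnet_endings(pcap: bytes) -> dict:
    """Map each Telnet client 'ip:port' to how its session ended in the capture."""
    e = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])  # byte order
    if e is None or len(pcap) < 24 or struct.unpack(e + "I", pcap[20:24])[0] != 1:
        raise ValueError("need a classic libpcap file with Ethernet link type")
    flows, off = {}, 24
    while off + 16 <= len(pcap):
        caplen = struct.unpack(e + "I", pcap[off + 8:off + 12])[0]
        frame, off = pcap[off + 16:off + 16 + caplen], off + 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                                   # keep only IPv4 + TCP
        tcp = frame[14 + (frame[14] & 0x0F) * 4:]
        if len(tcp) < 14:
            continue                                   # truncated TCP header
        sport, dport = struct.unpack("!HH", tcp[:4])
        if dport == TELNET_PORT:                       # workstation -> server
            who, ip, port = "client", frame[26:30], sport
        elif sport == TELNET_PORT:                     # server -> workstation
            who, ip, port = "server", frame[30:34], dport
        else:
            continue
        key = ".".join(map(str, ip)) + f":{port}"
        state = flows.setdefault(key, OPEN)
        if state == OPEN and tcp[13] & 0x05:           # RST = 0x04, FIN = 0x01
            kind = "RST" if tcp[13] & 0x04 else "FIN"
            flows[key] = f"{kind} from {who}"          # first teardown packet wins
    return flows

def _frame(src, dst, sport, dport, flags):  # constructed Ethernet/IPv4/TCP headers
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, bytes(src), bytes(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 8192, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def sample_capture() -> bytes:
    """Constructed capture: server 10.0.0.5 and three store workstations."""
    srv, a, b, c = (10, 0, 0, 5), (192, 168, 1, 10), (192, 168, 2, 11), (192, 168, 3, 12)
    frames = [_frame(a, srv, 40001, 23, 0x02), _frame(srv, a, 23, 40001, 0x14),
              _frame(b, srv, 40002, 23, 0x18), _frame(b, srv, 40002, 23, 0x11),
              _frame(c, srv, 40003, 23, 0x18), _frame(srv, c, 23, 40003, 0x18)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    print(telnet_endings(sample_capture()))
```

Run against a capture taken next to the Linux server, the "from server" and "from client" labels describe the direction the packet arrived from, so a reset injected by a device in the path shows up under the side it was sent on behalf of.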

Generally it's just a couple of workstations at a time, not all workstations at a store nor all stores.

Vince Kimball

The few workstations at a time - are they at one store or multiple stores? If they are at multiple stores, then it may indicate that the issue is at the central site.

Merv
