Cisco ASA, VPN and Veritas Netbackup

 
 
Bernd Nies
Guest
Posts: n/a
 
      03-29-2007
Hi folks,

Recently we migrated our VPN connection of two office locations from
"Sonicwall TZ170 <--> Cisco VPN3000" to a new "Cisco ASA5510 <-->
Cisco ASA5520" site to site tunnel. The IKE/IPsec tunnels have been up
for two weeks and the networks on both ends can reach each other.

On one location we have a Veritas Netbackup media server which is also
a backup client and on the other there is the master server. Since
that VPN migration we experience problems with backups that take long
(about one hour or longer). It appears that the firewall somehow kills
the TCP sessions. The backup client complains about broken networks,
socket errors and timeouts waiting for database connections. I
increased the default idle timeout on the ASA from 1 hour to 72 hours
but with no success. Idle telnet sessions now stay open but the
Netbackup stuff still has these network problems.

Any ideas what is causing the trouble? Here's the VPN config on both
ASAs:


==CUT==
timeout xlate 3:00:00
timeout conn 72:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute

group-policy adnvpn internal
group-policy adnvpn attributes
 vpn-simultaneous-logins 6
 vpn-idle-timeout none
 vpn-session-timeout none
 vpn-tunnel-protocol IPSec l2tp-ipsec
 ip-comp disable
 re-xauth disable
 group-lock none
 pfs disable

crypto map outside_map 80 match address outside_80_cryptomap
crypto map outside_map 80 set pfs
crypto map outside_map 80 set connection-type answer-only
crypto map outside_map 80 set peer 123.123.123.123
crypto map outside_map 80 set transform-set ESP-3DES-SHA
crypto map outside_map 80 set security-association lifetime seconds 86400
crypto map outside_map 80 set security-association lifetime kilobytes 2147483647

tunnel-group 123.123.123.123 type ipsec-l2l
tunnel-group 123.123.123.123 general-attributes
 default-group-policy adnvpn
==CUT==


Thanks in advance.

Regards,
Bernd

 
Netghost
Junior Member
Join Date: Mar 2007
Posts: 3
 
      03-29-2007
I have a similar setup, but I use the remote agents instead. These agents (also available for Unix) use port 10000. If you can't find a solution, maybe you can open port 10000 between your 2 devices and use the remote agents instead.
 