https://community.cisco.com/t5/network-security/ipsec-peers-fp-and-asa-send-tcp-rst-to-the-endpoints/m-p/4726715#M1095288 <P>It looks like the TCP session is reset by the client not by the VPN peer. Is your tunnel rebuild after the reset ?&nbsp;</P> Wed, 23 Nov 2022 16:09:03 GMT buffkata 2022-11-23T16:09:03Z https://community.cisco.com/t5/network-security/ipsec-peers-fp-and-asa-send-tcp-rst-to-the-endpoints/m-p/4726670#M1095287 <P>Hi Everyone,&nbsp;</P> <P>we have an IPSEC tunnel between FP2110 and ASA firewall.&nbsp;</P> <P>Tunnel is stable and operational but every hour, at the same time, peers (firewalls) at both ends send TCP RST packet to the endpoints at their side that are having active session via IPSEC tunnel. That breaks the session..&nbsp;&nbsp;</P> <P>Has anyone experienced something similar?&nbsp;</P> <P>SA Lifetime in IPSEC setup is set to 8 hours at both ends and flow is allowed on ACLs at both firewalls.</P> <P>Thanks in advance for looking at it <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> <P>&nbsp;</P> <P style="margin: 0in; font-family: Calibri; font-size: 11.0pt;"><STRONG>TCP RST from FP sent to endpoints at his location:</STRONG></P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Micccc4_0-1669215941525.png" style="width: 400px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/168837i2BFE6EDF26CBAA64/image-size/medium?v=v2&amp;px=400" role="button" title="Micccc4_0-1669215941525.png" alt="Micccc4_0-1669215941525.png" /></span></P> <P style="margin: 0in; font-family: Calibri; font-size: 11.0pt;"><STRONG>TCP RST from ASA sent to endpoints at his location:</STRONG></P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Micccc4_1-1669215969308.png" style="width: 400px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/168838i9613793369816CBB/image-size/medium?v=v2&amp;px=400" role="button" title="Micccc4_1-1669215969308.png" alt="Micccc4_1-1669215969308.png" /></span></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Wed, 23 Nov 2022 15:31:56 GMT https://community.cisco.com/t5/network-security/ipsec-peers-fp-and-asa-send-tcp-rst-to-the-endpoints/m-p/4726670#M1095287 Micccc4 2022-11-23T15:31:56Z https://community.cisco.com/t5/network-security/ipsec-peers-fp-and-asa-send-tcp-rst-to-the-endpoints/m-p/4726715#M1095288 <P>It looks like the TCP session is reset by the client not by the VPN peer. Is your tunnel rebuild after the reset ?&nbsp;</P> Wed, 23 Nov 2022 16:09:03 GMT https://community.cisco.com/t5/network-security/ipsec-peers-fp-and-asa-send-tcp-rst-to-the-endpoints/m-p/4726715#M1095288 buffkata 2022-11-23T16:09:03Z https://community.cisco.com/t5/network-security/ipsec-peers-fp-and-asa-send-tcp-rst-to-the-endpoints/m-p/4726864#M1095296 <P>Hi&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/911938">@buffkata</a>&nbsp;- thanks for commenting. Well, this was my first thought as well - that is how it looks based on the SRC IP address. However, RST packet that is received by the end point at one side of the tunnel is not captured on the other, 'source' side. So, where is it coming from. and then I came across this video here:</P> <P>(and tunnel itself is stable when this reset takes place)</P> <P><A href="https://www.youtube.com/watch?v=t5OJephyw8I" target="_blank">https://www.youtube.com/watch?v=t5OJephyw8I</A></P> Wed, 23 Nov 2022 20:15:09 GMT https://community.cisco.com/t5/network-security/ipsec-peers-fp-and-asa-send-tcp-rst-to-the-endpoints/m-p/4726864#M1095296 Micccc4 2022-11-23T20:15:09Z