https://community.cisco.com/t5/network-security/asa-5520-8-3-vpn-tunnel-drops-traffic/m-p/1798037#M532788 <HTML><HEAD></HEAD><BODY><P>I have attached the syslog file to the original message posted.</P></BODY></HTML> Wed, 24 Aug 2011 17:19:31 GMT aquasilk0001 2011-08-24T17:19:31Z https://community.cisco.com/t5/network-security/asa-5520-8-3-vpn-tunnel-drops-traffic/m-p/1798032#M532783 <P>Hello everybody, we are having a crisis with a very mysterious issue.<SPAN __jive_emoticon_name="plain" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/images/emoticons/plain.gif"></SPAN></P><P></P><P>We have a 100 Mbps WAN circuit, we have configured an IPsec tunnel between ASA 5520 and Cisco 3845 Router for our DR site replication via Veeam Backup and Replication, it was working fine before, when we established the 3DES tunnel the traffic for certain subnets is dropped after an hour and it stops the replication, although tunnel remains up and we can access the other subnets, as soon as we clear the crypto SA and ISAKMP sessions on the firewall the traffic starts flowing again and then after an hour the traffic is dropped again.</P><P></P><P>So far the testing and differnet configurations we tried are as under.</P><P></P><P>Tried with a different MTU size both on firewall and ESXi servers but nothing happened.</P><P>Their is no QOS configuration.</P><P>Checked the utilization on both ends its Noram although their are subsequent 100% spikes on Cisco 3845 but on average it remians at 30-40%.</P> Mon, 11 Mar 2019 21:15:41 GMT https://community.cisco.com/t5/network-security/asa-5520-8-3-vpn-tunnel-drops-traffic/m-p/1798032#M532783 aquasilk0001 2019-03-11T21:15:41Z https://community.cisco.com/t5/network-security/asa-5520-8-3-vpn-tunnel-drops-traffic/m-p/1798033#M532784 <HTML><HEAD></HEAD><BODY><P>Guys Any ideas where should i look for, or any specific aparmeters we can change..!!</P></BODY></HTML> Tue, 23 Aug 2011 11:57:38 GMT https://community.cisco.com/t5/network-security/asa-5520-8-3-vpn-tunnel-drops-traffic/m-p/1798033#M532784 aquasilk0001 2011-08-23T11:57:38Z https://community.cisco.com/t5/network-security/asa-5520-8-3-vpn-tunnel-drops-traffic/m-p/1798034#M532785 <HTML><HEAD></HEAD><BODY><P>Aqua, </P><P></P><P>So it is just one type of specific traffic that is being dropped? What port does this application uses? Do you have logs on the firewall when the connection drops? How long does it stays up? </P><P></P><P>Mike </P></BODY></HTML> Tue, 23 Aug 2011 17:35:01 GMT https://community.cisco.com/t5/network-security/asa-5520-8-3-vpn-tunnel-drops-traffic/m-p/1798034#M532785 Maykol Rojas 2011-08-23T17:35:01Z https://community.cisco.com/t5/network-security/asa-5520-8-3-vpn-tunnel-drops-traffic/m-p/1798035#M532786 <HTML><HEAD></HEAD><BODY><P>Hi Rojas,</P><P></P><P>We have only one type of traffic on the link and it drops on certain specific subnets, additionally i can see huge packet drops on the interface, when we torn down the IPsec tunnel on the same interface everything works nicely.</P><P></P><P>It stays up for almost one and half hour and then traffic for some subnets drop but tunnel remains up.</P><P></P><P>And again when we torn down the tunnel everything seems to work.</P><P></P><P>The application uses random TCP ports between (2500 and 5000)</P></BODY></HTML> Wed, 24 Aug 2011 05:48:20 GMT https://community.cisco.com/t5/network-security/asa-5520-8-3-vpn-tunnel-drops-traffic/m-p/1798035#M532786 aquasilk0001 2011-08-24T05:48:20Z https://community.cisco.com/t5/network-security/asa-5520-8-3-vpn-tunnel-drops-traffic/m-p/1798036#M532787 <HTML><HEAD></HEAD><BODY><P>Hi, </P><P></P><P>We may need to get the logs from the connection when its torn down and checkout the reason with the logs. Setup a syslog server, have the connection running and check when it is being torn down on the ASA.</P><P></P><P>Mike Rojas</P></BODY></HTML> Wed, 24 Aug 2011 16:30:36 GMT https://community.cisco.com/t5/network-security/asa-5520-8-3-vpn-tunnel-drops-traffic/m-p/1798036#M532787 Maykol Rojas 2011-08-24T16:30:36Z https://community.cisco.com/t5/network-security/asa-5520-8-3-vpn-tunnel-drops-traffic/m-p/1798037#M532788 <HTML><HEAD></HEAD><BODY><P>I have attached the syslog file to the original message posted.</P></BODY></HTML> Wed, 24 Aug 2011 17:19:31 GMT https://community.cisco.com/t5/network-security/asa-5520-8-3-vpn-tunnel-drops-traffic/m-p/1798037#M532788 aquasilk0001 2011-08-24T17:19:31Z https://community.cisco.com/t5/network-security/asa-5520-8-3-vpn-tunnel-drops-traffic/m-p/1798038#M532789 <HTML><HEAD></HEAD><BODY><P>Hi Aqua,</P><P></P><P>Do you have a timestamp when the traffic stopped passing? it will help when looking through the syslogs. </P><P></P><P>When you mention traffic just stops for a few subnets, does that mean this same application is running between different subnets? </P><P></P><P>When the connetion stops working and tunnel is still up, please post the output of <STRONG>show conn | in <EM><IP of="" one="" of="" the="" 2="" hosts=""></IP></EM></STRONG>.</P><P></P><P>this should give us an idea of what is the state of that TCP connection.</P><P></P><P>Regards,</P><P>Prapanch</P></BODY></HTML> Thu, 08 Sep 2011 18:01:43 GMT https://community.cisco.com/t5/network-security/asa-5520-8-3-vpn-tunnel-drops-traffic/m-p/1798038#M532789 praprama 2011-09-08T18:01:43Z