05-16-2013 01:46 PM - edited 03-11-2019 06:44 PM
I have our main site using a Cisco 5510 running 8.4.2 code and a remote site using a Cisco 5505 running 8.4.2 code. The main site has a T1 and the remote site is using a DSL connection. About every other day I have to reset the connection at the remote site. The process that I have found that works is to remove the nat statement, clear the cry ips sa and then add back the nat statement. The connection usually comes back up and a few minutes. I am trying to see what is causing this to drop. Does anybody have any ideas?
Thanks,
TJ
05-16-2013 04:16 PM
Hi TJ,
Does the internet also goes down or the issue is just with the tunnel?
Luis
05-16-2013 04:50 PM
Only the tunnel drops.
TJ
Sent from Cisco Technical Support Android App
05-17-2013 04:11 PM
TJ,
Do you have debugs/syslogs from the moment of the failure?
Luis Silva
05-19-2013 10:28 AM
Luis,
This is the only message in the logs from the reconnection attempt. I was debugging crypto isa 255......
05-19-2013 10:31 AM
9 local4.notice 10.10.10.1 May 18 2013 18:42:29: %ASA-5-752004: Tunnel Manager dispatching a KEY_ACQUIRE message to IKEv1. Map Tag = outside_map. Map Sequence Number = 4.\n
2013-05-18 18:42:29 local4.debug 10.10.10.1 May 18 2013 18:42:29: %ASA-7-715077: Pitcher: received a key acquire message, spi 0x0\n
2013-05-18 18:42:29 local4.warning 10.10.10.1 May 18 2013 18:42:29: %ASA-4-752012: IKEv1 was unsuccessful at setting up a tunnel. Map Tag = outside_map. Map Sequence Number = 4.\n
2013-05-18 18:42:29 local4.error 10.10.10.1 May 18 2013 18:42:29: %ASA-3-752015: Tunnel Manager has failed to establish an L2L SA. All configured IKE versions failed to establish the tunnel. Map Tag= outside_map. Map Sequence Number = 4.\n
2013-05-18 18:42:29 local4.debug 10.10.10.1 May 18 2013 18:42:29: %ASA-7-752002: Tunnel Manager Removed entry. Map Tag = outside_map. Map Sequence Number = 4.\n
9 local4.notice 10.10.10.1 May 18 2013 18:42:29: %ASA-5-752004: Tunnel Manager dispatching a KEY_ACQUIRE message to IKEv1. Map Tag = outside_map. Map Sequence Number = 4.\n
2013-05-18 18:42:29 local4.debug 10.10.10.1 May 18 2013 18:42:29: %ASA-7-715077: Pitcher: received a key acquire message, spi 0x0\n
2013-05-18 18:42:29 local4.warning 10.10.10.1 May 18 2013 18:42:29: %ASA-4-752012: IKEv1 was unsuccessful at setting up a tunnel. Map Tag = outside_map. Map Sequence Number = 4.\n
2013-05-18 18:42:29 local4.error 10.10.10.1 May 18 2013 18:42:29: %ASA-3-752015: Tunnel Manager has failed to establish an L2L SA. All configured IKE versions failed to establish the tunnel. Map Tag= outside_map. Map Sequence Number = 4.\n
2013-05-18 18:42:29 local4.debug 10.10.10.1 May 18 2013 18:42:29: %ASA-7-752002: Tunnel Manager Removed entry. Map Tag = outside_map. Map Sequence Number = 4
I just enabled the crypto ipsec 255 and will post that when it drops again.
Thanks,
TJ
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide