L2L Tunnel keeps dropping

tkelly · ‎05-16-2013

I have our main site using a Cisco 5510 running 8.4.2 code and a remote site using a Cisco 5505 running 8.4.2 code. The main site has a T1 and the remote site is using a DSL connection. About every other day I have to reset the connection at the remote site. The process that I have found that works is to remove the nat statement, clear the cry ips sa and then add back the nat statement. The connection usually comes back up and a few minutes. I am trying to see what is causing this to drop. Does anybody have any ideas?

Thanks,

TJ

Luis Silva Benavides · ‎05-16-2013

Hi TJ,

Does the internet also goes down or the issue is just with the tunnel?

Luis

Luis Silva

tkelly · ‎05-16-2013

Only the tunnel drops.

TJ

Sent from Cisco Technical Support Android App

Luis Silva Benavides · ‎05-17-2013

TJ,

Do you have debugs/syslogs from the moment of the failure?

Luis Silva

tkelly · ‎05-19-2013

Luis,

This is the only message in the logs from the reconnection attempt. I was debugging crypto isa 255......

tkelly · ‎05-19-2013

9 local4.notice 10.10.10.1 May 18 2013 18:42:29: %ASA-5-752004: Tunnel Manager dispatching a KEY_ACQUIRE message to IKEv1. Map Tag = outside_map. Map Sequence Number = 4.\n

2013-05-18 18:42:29 local4.debug 10.10.10.1 May 18 2013 18:42:29: %ASA-7-715077: Pitcher: received a key acquire message, spi 0x0\n

2013-05-18 18:42:29 local4.warning 10.10.10.1 May 18 2013 18:42:29: %ASA-4-752012: IKEv1 was unsuccessful at setting up a tunnel. Map Tag = outside_map. Map Sequence Number = 4.\n

2013-05-18 18:42:29 local4.error 10.10.10.1 May 18 2013 18:42:29: %ASA-3-752015: Tunnel Manager has failed to establish an L2L SA. All configured IKE versions failed to establish the tunnel. Map Tag= outside_map. Map Sequence Number = 4.\n

2013-05-18 18:42:29 local4.debug 10.10.10.1 May 18 2013 18:42:29: %ASA-7-752002: Tunnel Manager Removed entry. Map Tag = outside_map. Map Sequence Number = 4.\n

9 local4.notice 10.10.10.1 May 18 2013 18:42:29: %ASA-5-752004: Tunnel Manager dispatching a KEY_ACQUIRE message to IKEv1. Map Tag = outside_map. Map Sequence Number = 4.\n

2013-05-18 18:42:29 local4.debug 10.10.10.1 May 18 2013 18:42:29: %ASA-7-715077: Pitcher: received a key acquire message, spi 0x0\n

2013-05-18 18:42:29 local4.warning 10.10.10.1 May 18 2013 18:42:29: %ASA-4-752012: IKEv1 was unsuccessful at setting up a tunnel. Map Tag = outside_map. Map Sequence Number = 4.\n

2013-05-18 18:42:29 local4.error 10.10.10.1 May 18 2013 18:42:29: %ASA-3-752015: Tunnel Manager has failed to establish an L2L SA. All configured IKE versions failed to establish the tunnel. Map Tag= outside_map. Map Sequence Number = 4.\n

2013-05-18 18:42:29 local4.debug 10.10.10.1 May 18 2013 18:42:29: %ASA-7-752002: Tunnel Manager Removed entry. Map Tag = outside_map. Map Sequence Number = 4

I just enabled the crypto ipsec 255 and will post that when it drops again.

Thanks,

TJ