12-12-2006 10:10 AM - edited 03-11-2019 02:08 AM
Hi
We have set up an IPsec site to site VPN tunnel with ASA5510 and Checkpoint on the remote side. ASA5510 is running version 7.2.1. The VPN tunnel comes up but when users use windows Remote desktop to access the remote servers the user sessions get disconnected automatically after few minutes. We have tested the same setup replacing the ASA5510 with PIX 515E an there are no problems.
Any help to fix this will be great.
thanks
Subbu
02-09-2007 06:51 AM
I am having same trouble with AS/400 sessions, and I can't seem to find any solution to problem, Cisco is no help. Does anyone know a problem with Checkpoints?? Why does it work ok with PIX515? Does Checkpoint need to be updated? Any suggestions ????
02-09-2007 07:40 AM
Hi
I opened a TAC case but it was of no use. Cisco asked us to give the packet capture report but are non-committal.
I am still living with this problem and Cisco has been of no help.
02-09-2007 07:45 AM
Yes, I did the same thing, Cisco had to change something in the VPN code!! I have went over and over config and everything is the same, I can't beleive there aren't more people having this problem
02-09-2007 08:19 AM
hello,
could you post your config espacially related to crypto and isakmp
we have similar senario using ASA5520 connecting to our partner and on the other DR site connecting PIX515E to the same partner to Checkpoint in both cases and AS/400 and other sessions have no problem at all.
also is it only happening with remote desktop sessions or with everthing.
02-09-2007 08:32 AM
08-08-2007 09:44 PM
Hi
I faced the same issue. I migrated the existing PIX 515E to ASA 5510 and one of the site-site VPN tunnels was with a Checkpoint firewall, and I got the same behaviour. On the checkpoint end they were getting so many log errors of "Packet is dropped because there is no valid SA"
I made it work by changing the crypto map configuration to dynamic, so it will accept any IPSec SA from checkpoint end.
I would appreciate if there is a fix/solution for this ?
Thanks
Osama,
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide