Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3431
Views
0
Helpful
6
Replies

ASA 5520 8.3, VPN tunnel Drops Traffic

aquasilk0001
Level 1
Level 1

‎08-23-2011 01:40 AM - edited ‎03-11-2019 02:15 PM

Hello everybody, we are having a crisis with a very mysterious issue.

We have a 100 Mbps WAN circuit, we have configured an IPsec tunnel between ASA 5520 and Cisco 3845 Router for our DR site replication via Veeam Backup and Replication, it was working fine before, when we established the 3DES tunnel the traffic for certain subnets is dropped after an hour and it stops the replication, although tunnel remains up and we can access the other subnets, as soon as we clear the crypto SA and ISAKMP sessions on the firewall the traffic starts flowing again and then after an hour the traffic is dropped again.

So far the testing and differnet configurations we tried are as under.

Tried with a different MTU size both on firewall and ESXi servers but nothing happened.

Their is no QOS configuration.

Checked the utilization on both ends its Noram although their are subsequent 100% spikes on Cisco 3845 but on average it remians at 30-40%.

Labels:
112526-Syslog-Monitor410.txt.zip
0 Helpful
6 Replies 6

aquasilk0001
Level 1
Level 1

‎08-23-2011 04:57 AM

Guys Any ideas where should i look for, or any specific aparmeters we can change..!!

0 Helpful

Maykol Rojas
Cisco Employee
Cisco Employee
In response to aquasilk0001

‎08-23-2011 10:35 AM

Aqua,

So it is just one type of specific traffic that is being dropped? What port does this application uses? Do you have logs on the firewall when the connection drops? How long does it stays up?

Mike

Mike
0 Helpful

aquasilk0001
Level 1
Level 1
In response to Maykol Rojas

‎08-23-2011 10:48 PM

Hi Rojas,

We have only one type of traffic on the link and it drops on certain specific subnets, additionally i can see huge packet drops on the interface, when we torn down the IPsec tunnel on the same interface everything works nicely.

It stays up for almost one and half hour and then traffic for some subnets drop but tunnel remains up.

And again when we torn down the tunnel everything seems to work.

The application uses random TCP ports between (2500 and 5000)

0 Helpful

Maykol Rojas
Cisco Employee
Cisco Employee
In response to aquasilk0001

‎08-24-2011 09:30 AM

Hi,

We may need to get the logs from the connection when its torn down and checkout the reason with the logs. Setup a syslog server, have the connection running and check when it is being torn down on the ASA.

Mike Rojas

Mike
0 Helpful

aquasilk0001
Level 1
Level 1
In response to Maykol Rojas

‎08-24-2011 10:19 AM

I have attached the syslog file to the original message posted.

0 Helpful

praprama
Cisco Employee
Cisco Employee
In response to aquasilk0001

‎09-08-2011 11:01 AM

Hi Aqua,

Do you have a timestamp when the traffic stopped passing? it will help when looking through the syslogs.

When you mention traffic just stops for a few subnets, does that mean this same application is running between different subnets?

When the connetion stops working and tunnel is still up, please post the output of show conn | in .

this should give us an idea of what is the state of that TCP connection.

Regards,

Prapanch

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card