Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1310
Views
0
Helpful
3
Replies

CSM disconnects VPN sessions upon config deployment.

d1pol01978
Level 1
Level 1

‎12-28-2012 03:31 AM - edited ‎02-21-2020 04:48 AM

CSM version 4.3 SP1

Hi,

I've noticed that while deploying configuration to our ASA5520 devices active VPN sessions are being disconnected.

Has anyone noticed the same ?

I've not found anything related in Cisco Forum.

I also have not found anything related at Cisco BugToolkit.

Thanks for help.

Krzysztof

Preview file
93 KB
0 Helpful
3 Replies 3

d1pol01978
Level 1
Level 1

‎12-28-2012 05:02 AM

I've just confirmed that in fact CSM deploys configuration to ASA device and in the same time every\

active VPN session is being torn down.

From client perspective it looks like this:

VPN Client message:

" Secure VPN Connection terminated by Peer.

Reaseon 433: (Reason Not Specified by Peer)

Connection terminated on:    Duration: "

From VPN client log:

Cisco Systems VPN Client Version 5.0.07.0290

Copyright (C) 1998-2010 Cisco Systems, Inc. All Rights Reserved.

Client Type(s): Windows, WinNT

Running on: 6.1.7601 Service Pack 1

Config file directory: C:\Program Files (x86)\Cisco Systems\VPN Client\

1      13:43:15.138  12/28/12  Sev=Warning/2    CVPND/0xA3400015

Error with call to IpHlpApi.DLL: CheckUpVASettings: Found IPADDR entry addr=********, error 0

2      13:43:16.151  12/28/12  Sev=Warning/2    CVPND/0xA3400015

Error with call to IpHlpApi.DLL: CheckUpVASettings: Found IPADDR entry addr=

********

, error 0

3      13:43:17.164  12/28/12  Sev=Warning/2    CVPND/0xA3400015

Error with call to IpHlpApi.DLL: CleanUpVASettings: Was able to delete all VA settings after all, error 0

4      13:43:18.130  12/28/12  Sev=Warning/2    IKE/0xA3000067

Received an IPC message during invalid state (IKE_MAIN:512)

0 Helpful

d1pol01978
Level 1
Level 1

‎12-28-2012 05:19 AM

and from asa device perspective (debug log):

Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset

Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset

Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset

Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset

Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset

Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset

Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset

Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset

Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset

Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset

Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset

Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset

Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset

Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset

Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset

Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset

Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset

Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset

Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset

Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset

Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset

Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset

Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset

Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset

Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset

and lots more

0 Helpful

michaellambert1980
Level 1
Level 1
In response to d1pol01978

‎01-11-2013 03:09 AM

This is certainly not expected behaviour.  How are your VPN's being terminated?  On the outside interface which has a public IP?  Or do you have the tunnels traversing NAT and terminating on a private IP?  If the latter then have you made sure you are not clearing the xlate table when deploying changes?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card