12-28-2012 03:31 AM - edited 02-21-2020 04:48 AM
CSM version 4.3 SP1
Hi,
I've noticed that while deploying configuration to our ASA5520 devices active VPN sessions are being disconnected.
Has anyone noticed the same ?
I've not found anything related in Cisco Forum.
I also have not found anything related at Cisco BugToolkit.
Thanks for help.
Krzysztof
12-28-2012 05:02 AM
I've just confirmed that in fact CSM deploys configuration to ASA device and in the same time every\
active VPN session is being torn down.
From client perspective it looks like this:
VPN Client message:
" Secure VPN Connection terminated by Peer.
Reaseon 433: (Reason Not Specified by Peer)
Connection terminated on:
From VPN client log:
Cisco Systems VPN Client Version 5.0.07.0290
Copyright (C) 1998-2010 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 6.1.7601 Service Pack 1
Config file directory: C:\Program Files (x86)\Cisco Systems\VPN Client\
1 13:43:15.138 12/28/12 Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CheckUpVASettings: Found IPADDR entry addr=********, error 0
2 13:43:16.151 12/28/12 Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CheckUpVASettings: Found IPADDR entry addr=
********
, error 0
3 13:43:17.164 12/28/12 Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CleanUpVASettings: Was able to delete all VA settings after all, error 0
4 13:43:18.130 12/28/12 Sev=Warning/2 IKE/0xA3000067
Received an IPC message during invalid state (IKE_MAIN:512)
12-28-2012 05:19 AM
and from asa device perspective (debug log):
Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
and lots more
01-11-2013 03:09 AM
This is certainly not expected behaviour. How are your VPN's being terminated? On the outside interface which has a public IP? Or do you have the tunnels traversing NAT and terminating on a private IP? If the latter then have you made sure you are not clearing the xlate table when deploying changes?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide