Solved: Site to Site VPN connection using ASA Firewall 5545 keeps on disconnecting - Page 2

jmdelavirgen · ‎03-06-2016

Hi support,

Please be inform that we are having issue regarding Site to Site VPN connection in one of our Microsoft Azure partners, and we need your immediate assistance and support. Our site to site VPN connection is currently up, but it keeps on disconnecting. Please see attached logs for your reference.

Thanks,

Dinesh Moudgil · ‎03-07-2016

Run "show vpn-sessiondb detail l2l" or "show run crypto map" which will give the setting for phase 2 lifetime.

Regards,
Dinesh Moudgil

P.S. Please rate helpful posts.

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/

Aditya Ganjoo · ‎03-06-2016

Hi,

The debugs would provide info only when the tunnel flaps.

If the tunnel is up we would not be able to get any relevant info.

You could go for conditional debugging:

debug crypto condition peer <IP of the remote end>

Regards,

Aditya

Aditya Ganjoo · ‎03-06-2016

Hi,

Please check the output of show crypto ipsec sa for this VPN peer.

Do we see any receive errors in the output ?

If yes we need to verify if the remote site is sending the packets properly with correct SPI value.

Also make sure we match the crypto ACLs on both the ends.

Are we using any VPN-filters for this VPN tunnel ?

Regards,

Aditya

Please rate helpful posts.