Site-to-Site VPN tunnel in ASA 5520

rooland12
Level 1

Hello everyone,

I've got a problem. We have a site-to-site VPN tunnel connected with our client. Usually the users connect to a remote virtual desktop (maybe VMware) through the L2L tunnel. The problem is that the remote desktop gets disconnected intermittently (around 4 to 5 times a day) and automatically reconnects after around 40 seconds or so. I can't find any problem with the L2L tunnel, as it has been showing up for the last 6 hours or so. Also, there are no packet drops (RTO) when I ping the peer IP.

If anyone has any idea what's going on, please let me know.

Thanks.

9 Replies

Peter Paluch
Cisco Employee

Hello,

Sorry for the late reply.

Do these connectivity outages in rdesktop occur after some period of inactivity, or do they just pop up during active work with the remote desktop? If they appear to occur only after some period of inactivity, that could indicate a timeout in some stateful firewall's entry.

Also, does any other connectivity break at the same time the remote desktop connection is interrupted? I am trying to find out whether this problem affects more network flows or whether it is related only to the remote desktop service.

Best regards,

Peter

Hi Peter,

Thanks for the response. The connectivity outage occurs even during active work with the remote desktop (a window suddenly pops up with a message like "Connectivity lost trying to reconnect"). I have observed that no other network flows get affected, only the rdesktop connectivity. I suspect it may be a problem with the VMware machines at the client end, but unfortunately I don't have access to those VMware machines to check any kind of logs.

Regards,

Rooland

Hi Rooland,

When the remote desktop connectivity is lost, is there a slight pause (a frozen desktop or any kind of delay) before the client tells you that the connection has dropped and it is reestablishing the connection? Suddenly dropping the connection and immediately reporting problems with it would suggest that the client was informed about connectivity problems - perhaps a TCP connection being torn down, or an ICMP Unreachable message arriving. A delay would suggest that the client decided to tear down the connection after not receiving a reply from the other side for some time.

I guess it would be good to run a packet sniffer on the client machine somewhere around the time the connection is lost and reestablished - but I am not sure if that is feasible.

Best regards,

Peter

Hello Rooland,

One thing that comes to my mind - is it possible that the clients are using DHCP-acquired IP settings, and for some reason, when they renew the lease, they obtain a new IP address instead? Or can there be any changes in the network infrastructure during the remote desktop session - gateway changes, HSRP/VRRP/GLBP kicking in, etc.?

Best regards,

Peter


Hi Peter,

Yes, there is a slight pause (i.e., the remote desktop gets frozen for a few seconds before the message pops up that connectivity is lost and it is trying to reconnect).

Let me run the packet sniffer tomorrow. Also, as you said to look out for HSRP/VRRP/GLBP, let me monitor the IP address of the gateway to see whether it changes when the connectivity is lost.

Regards,

Rooland

Hi Peter,

Hope you are doing well. What I did was create a new VPN (site-to-site VPN) on a separate ASA, and the issue didn't appear, i.e., the remote virtual desktops were not getting disconnected. But what is interesting is the fact that the previous ASA where I used to have the issue is working fine for other site-to-site VPNs (but no VMs are accessed through those site-to-site VPNs).

Recently I upgraded the ASA image and am thinking of shifting the VPN back to the older ASA to check if the issue still persists.

Hello Rooland,

If you can afford moving the older ASA back in place and testing whether the issue reappears, I would be grateful, as this is an interesting issue and it would be nice to see if the image upgrade solved it. But the fact is that currently, your network works fine and it may be wiser not to tinker with it just out of curiosity... the decision is up to you.

Best regards,

Peter

Hi Peter,

Unfortunately, the image upgrade didn't help to solve the problem :-)

Nevertheless, shifted the site-to-site VPN tunnel back to the working ASA...

ebarticel
Level 4

Hi Rooland,

Just a thought....

What about the host systems for the VMs? They may have firewall settings enabled that cause those kinds of dropouts, and it looks like they are happening at certain times, not randomly.

Hope this helps

Eugen
