ASA L2L Connection drop not detected

Hi All

We're experiencing some troubles with VPN status detection.

Problem detected:

We receive a call from the end point saying they can't establish the VPN.

Log says: "IP = 79.x.x.x, Duplicate Phase 1 packet detected.  Retransmitting last packet."

ASA monitor says that the L2L against 79.x.x.x is established and shows a lot of traffic count.

If we drop (log out) that L2L, the VPN is established successfully.

We suppose the L2L gets dropped and it's not detected.

For this VPN the end point is a Check Point, but we have the same problem against other Ciscos.

System configuration:

ASA 8.4.2

We have one crypto map defined on two interfaces.

Route tracking to decide which interface should be used (both the public end route and the remote LAN network).

NAT rules do not include the interface.

Monitor keep alive enabled in tunnel group.

Thanks

2 Replies

ANGELO DE MASI
Level 1

Hi, I have the same problem with an ASA to ASA site-to-site VPN. Did you find a solution?

mohitpaul
Level 1

Hi,

Is this resolved? If not, then please take care of the below:

1. Disable tunnel keepalives on the ASA and the Check Point.

2. If you have multiple tunnels on the ASA, ensure that tunnel traffic to the Check Point is not overlapping or conflicting with any other tunnel traffic.

For an ASA-to-ASA tunnel, keepalives must either be enabled on both ends or disabled on both. Secondly, check for any traffic overlapping between two different tunnels.

Regards,

Mohit
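The symptom in the question (a peer the ASA still lists as established while the log repeats "Duplicate Phase 1 packet detected") can be checked for mechanically. The following is an added example, not code from the thread or from Cisco: the log line layout, the host name `asa1`, the sample addresses, and the `threshold`/`window` values are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Message text exactly as quoted in the question; the prefix before "IP =" is
# matched loosely because the timestamp/host layout below is an assumption.
DUP_P1 = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})\s.*?"
    r"IP = (?P<peer>\d{1,3}(?:\.\d{1,3}){3}), "
    r"Duplicate Phase 1 packet detected\.\s+Retransmitting last packet\."
)

def stale_tunnel_suspects(log_lines, established_peers,
                          threshold=3, window=timedelta(minutes=5)):
    """Map peer -> most duplicate-Phase-1 notices seen inside any one window,
    for peers that are also listed as established.

    threshold and window are assumed tuning values, not Cisco defaults.
    """
    hits = defaultdict(list)
    for line in log_lines:
        m = DUP_P1.search(line)
        if m:
            hits[m["peer"]].append(datetime.fromisoformat(m["ts"]))
    suspects = {}
    for peer, times in hits.items():
        if peer not in established_peers:
            continue  # no existing tunnel that contradicts the new negotiation
        times.sort()
        best = start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # slide the window forward
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            suspects[peer] = best
    return suspects

# Constructed sample data (documentation address ranges, hypothetical host "asa1").
_MSG = "IP = {}, Duplicate Phase 1 packet detected.  Retransmitting last packet."
SAMPLE_LOG = [
    f"2024-01-10T09:{mmss} asa1 " + _MSG.format(ip)
    for mmss, ip in [
        ("00:01", "203.0.113.10"), ("00:09", "203.0.113.10"), ("00:25", "203.0.113.10"),
        ("00:30", "198.51.100.7"), ("30:00", "203.0.113.10"),
        ("01:00", "192.0.2.44"), ("01:08", "192.0.2.44"), ("01:20", "192.0.2.44"),
    ]
]
ESTABLISHED = {"203.0.113.10", "198.51.100.7"}  # peers the ASA monitor shows as up

if __name__ == "__main__":
    print(stale_tunnel_suspects(SAMPLE_LOG, ESTABLISHED))
```

`established_peers` is whatever set of peer addresses your monitoring reports as up on the ASA; a peer appearing in the result is a candidate for the undetected drop described above.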
