Cisco ASA 5520 Site-to-site VPN TUNNELS disconnection problem

techoteldk
Level 1

Hi,

I recently purchased a Cisco ASA 5520 and am running firmware v. 8.4(2) and ASDM v. 6.4(5)106.

I have installed 50 Site-to-Site VPN tunnels, and they work fine.

But randomly the VPN tunnels keep disconnecting, and a few seconds later they reconnect by themselves automatically...

It happens when there is no TRAFFIC on, I suspect.

In ASDM, in Group Policies under DfltGrpPolicy (system default), I have "idle timeout" set to "UNLIMITED", but still they keep disconnecting and connecting again... I have also verified that all VPN TUNNELS are using this Group Policy, and all VPN tunnels have "Idle Timeout: 0".

This is very annoying, as in my case I have customers having an RDP (remote desktop client) open 24/7 and suddenly it gets disconnected due to no traffic?

In ASDM under Monitoring -> VPN, I can see all VPN tunnels recently disconnected in "Login Time Duration"... some 30 minutes, 52 minutes, 40 minutes and some 12 minutes ago, and so on... They don't DISCONNECT at the SAME time, all randomly.

I don't WANT the VPN TUNNELS to disconnect; I want them to RUN until we manually disconnect them.

Any idea?

Thanks,

Daniel

2 Replies

benlemasurier
Level 1

What is the lifetime value configured for in your crypto policies?

For example:

crypto ikev1 policy 140
 authentication rsa-sig
 encryption des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 150
 authentication pre-share
 encryption des
 hash sha
 group 2
 lifetime 86400

Hi,

They all run SA lifetime 28800.

This is the same value they ran on my old Zyxel USG1000 router, and they never disconnected there...
