Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
306
Views
0
Helpful
0
Replies

VPN Keeps Dropping - Increase a Timeout?

stownsend
Level 2
Level 2

‎07-27-2015 10:58 AM

We have several remote offices that use Cisco 501 or 5505 Devices to connect to a 5510.   All of the remote offices but one have VPN Connectivity issues. 

Many of the remote offices have VPN Connection Up-Times of 8-42 Days. Though one office early has an uptime of 4 hours. Talking to the Respective ISPs, there is no Packet loss between the office and the ISP, so there must be some delay or something in between the two offices. 

 

Is there a Timeout or something that I can adjust to have the VPN connection be a bit more tolerant to this?

 

Here is the Syslog from the HQ ASA

%ASA-4-113019: Group = <remoteOfficeGroup>, Username = <remoteOfficeGroup>, IP = <PublicIP-RemoteOffice>, Session disconnected. Session Type: IPsec, Duration: 0h:29m:56s, Bytes xmt: 26967874, Bytes rcv: 3452215, Reason: Lost Service
%ASA-5-713259: Group = <remoteOfficeGroup>, IP = <PublicIP-RemoteOffice>, Session is being torn down. Reason: Lost Service
%ASA-6-602304: IPSEC: An inbound LAN-to-LAN SA (SPI= 0x8AA17E55) between <PublicIP-RemoteOffice> and <PublicIP-HQOffice> (user= <remoteOfficeGroup>) has been deleted.
%ASA-6-602304: IPSEC: An outbound LAN-to-LAN SA (SPI= 0x0BB93804) between 0.0.0.0 and 0.0.0.0 (user= <remoteOfficeGroup>) has been deleted.
%ASA-6-602304: IPSEC: An inbound LAN-to-LAN SA (SPI= 0xDA90070C) between <PublicIP-RemoteOffice> and <PublicIP-HQOffice> (user= <remoteOfficeGroup>) has been deleted.
%ASA-6-602304: IPSEC: An outbound LAN-to-LAN SA (SPI= 0x6AAAADC7) between 0.0.0.0 and 0.0.0.0 (user= <remoteOfficeGroup>) has been deleted.
%ASA-6-602304: IPSEC: An inbound LAN-to-LAN SA (SPI= 0x9A63D959) between <PublicIP-RemoteOffice> and <PublicIP-HQOffice> (user= <remoteOfficeGroup>) has been deleted.
%ASA-6-602304: IPSEC: An outbound LAN-to-LAN SA (SPI= 0x3C884C12) between 0.0.0.0 and 0.0.0.0 (user= <remoteOfficeGroup>) has been deleted.
%ASA-6-602304: IPSEC: An inbound LAN-to-LAN SA (SPI= 0x678E7D45) between <PublicIP-RemoteOffice> and <PublicIP-HQOffice> (user= <remoteOfficeGroup>) has been deleted.
%ASA-6-602304: IPSEC: An outbound LAN-to-LAN SA (SPI= 0xFEABEDD2) between 0.0.0.0 and 0.0.0.0 (user= <remoteOfficeGroup>) has been deleted.
%ASA-3-713123: Group = <remoteOfficeGroup>, IP = <PublicIP-RemoteOffice>, IKE lost contact with remote peer, deleting connection (keepalive type: DPD)

 

Thank you,

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents