ASA 5510 IPSec VPN 'Stale' tunnels

dkramkowski · ‎08-16-2018

I have an ASA 5510 running v8.2, and I just started having an odd issue with one endpoint.

I have 20-30 remote Avaya IP Phones, all connecting via IPSec VPN to the ASA, but one of them has recently started to leave 'stale' tunnels and build new ones every hour. This has caused connectivity issues for the user, and when they reboot the phone, it comes up, leaving the 'stale' tunnels, but establishing one that works. Yesterday, I logged out all except the functional one and this morning, there were eight tunnels again. All phones share the same config and have been working properly for several years - this one only just started to do this in the last week or so.

I don't think this is something the phone could do, so that pretty much leaves either something in the path between the users phone and the ASA that is causing problems with the IPSec traffic or something on the ASA.

Does anyone have any thoughts as to what might be causing this, and suggestion on how to track it down?

dkramkowski · ‎08-27-2018

Just an update and a little more information. I've determined that we have four users that have Comcast for their internet connection. Of these, three are having this issue and one does not appear to be at this time. The three that are having the issue are in Southeast New Jersey, Southeast Pennsylvania and Northeast Florida. The one that does not appear to be having this issue at this time is in Southwestern Pennsylvania, almost to West Virginia. Given that three out of four users on Comcast are showing this issue and no one on any other ISP is showing it, I suspect it is not an issue with our firewall or the phones, but something to do with the ISP that is messing with the VPNs. Does anyone have any thoughts on what to look for to get a better idea what the cause is?