Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
553
Views
0
Helpful
2
Replies

ASA VPN issue

koonmun
Level 1
Level 1

ā€Ž12-20-2010 07:05 PM

We have site-to-site VPN IPsec tunnel step-up between HQ and multiple sites. It is a hub and spoke design.

Recently, we encounter a weird problem from one of our site VPN tunnel to our HQ.

The VPN tunnel for this site has been working fine for the past one year. Just last month, we encounter high delay between this site and our HQ.

When we do ping test between this site and HQ, we can experience up to 3000ms delay and even intermittent timeout.

If i do a vpn session logoff for this site, the round delay will fall back to about 70ms which is normal.

This will run for about a day or so and the delay will appear again. Almost daily, i have to do a vpn session logoff.

Some of the things i did:

1. reflash firmware to 8.2.1

2. reapply the crypto configuration

3. check syslog but nothing strange capture

4. getting ISP to check if they have any appliance blocking or throttling the IPsec traffic

Not sure if anyone here encounter such issue with ASA VPN. Hope someone can help? Thanks

Labels:
0 Helpful
2 Replies 2

mulatif
Cisco Employee
Cisco Employee

ā€Ž12-22-2010 04:44 PM

Hi Koonmun,

This could be a memory leak issue also.

I would suggest going to the latest firmware as 8.2.1 is not the latest one. If the issue persists then contact TAC to open a case "when you are experiencing the issue", so the necassary information can  be captured.

Thanks,

Naman

0 Helpful

koonmun
Level 1
Level 1
In response to mulatif

ā€Ž01-14-2011 12:11 AM

Thanks Naman,

After all the testing, we decide swap to another ISP and everything back to normal again.

Seem like the original ISP did something on their network which affect our VPN tunnel.

We are awaiting for an answer from the ISP.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents