01-24-2012 07:22 AM
Hey,
I have a problem with multiple VPN tunnels that I cannot figure out.
I have an IPsec site-to-site VPN between a Cisco ASA5510 and a Juniper SSG520.
The VPN is up and running as expected, except when Phase 1 needs to be renegotiated.
When that happens (every 24 hours) the Citrix clients lose their connection to the Citrix server and the Outlook clients report "Offline".
I have set up some ping jobs that show that only 1 packet is lost during the Phase 1 renegotiation.
The users can connect to the servers afterwards without any problems, but they are annoyed by this.
I have updated both firewalls to the newest firmware release without any luck.
Anyone have a clue as to how to get this fixed?
Before we changed to the ASA5510 we were using a Watchguard X700 firewall, which didn't have this problem.
Hope someone can shed some light on this.
Best Regards
Martin
01-24-2012 07:51 AM
Hey,
By default, phase one is valid for 24 hrs.
Check, when the tunnel comes up, which particular phase-one parameters are exchanged, and create a duplicate of that particular policy with a lifetime value of zero; the same policy must exist on the other side of the tunnel.
Try that and see if it helps.
thanks
01-24-2012 11:55 PM
Thanks for your answer. I believe it isn't possible to create a Phase 1 that is unlimited in time and amount of data. At least ASDM tells me this isn't possible; I guess this is a safety precaution.
Anyway if I need to do some debugging on the ASA, what elements should I enable debugging on?
Thanks
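The following is an added example, not part of the thread and not a configuration posted by either participant. It shows, in the ASA 8.2-style CLI of that era, what an explicitly pinned Phase 1 (ISAKMP) policy looks like alongside the show and debug commands used to watch the rekey the thread describes. The policy number, cipher set, peer address and the 86400-second lifetime are assumptions chosen for illustration; the Juniper side must carry a matching proposal (not shown here, since its syntax is not in the thread).

```cisco
! Added example (not from the thread). ASA 8.2-style syntax; values are assumptions.
! Pin the Phase 1 parameters so the same policy is selected on every renegotiation.
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400      ! seconds; the ASA rekeys Phase 1 when this expires
crypto isakmp enable outside

! Pre-shared key for the peer (198.51.100.2 is a placeholder peer address).
tunnel-group 198.51.100.2 type ipsec-l2l
tunnel-group 198.51.100.2 ipsec-attributes
 pre-shared-key ********

! Check which policy was actually agreed and how long until the next rekey.
show crypto isakmp sa
show crypto ipsec sa

! Capture the Phase 1 and Phase 2 exchanges around the 24-hour mark.
debug crypto isakmp 127
debug crypto ipsec 127
! Turn the debugs off afterwards; they are expensive on a busy box.
undebug all
```

`show crypto isakmp sa` reports the negotiated proposal and the SA state for the peer, which is the first thing to compare against the policy configured on the SSG520; a mismatch in any attribute forces a slower fallback negotiation during the rekey.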