Connection Teardowns on IPsec Site-to-Site ASA VPN Connections

miketfp2003
Level 1

I have a few Cisco ASAs that all of a sudden are blocking TCP ports. We have surveillance DVRs that have been installed and working properly for over a year now. They are web-based viewers that redirect from port 80 to the control port 1600. We can successfully connect via devices on the LAN, but not over site-to-site IPsec tunnel VPN connections. We reach the DVR on port 80, but when it redirects to port 1600, it will be denied and eventually time out. I can do remote port scans and see that port 1600 is open and listening, and I can successfully ping the device. All other ports and connections are working between the VPN connections at these sites.

Below are some of the logs that I am seeing. The ASA is immediately tearing down the connection. We have 15 sites with ASAs and all sites have the same equipment. In the last couple of days, this began happening on a few devices. All of the other sites are still working properly and the connections are not being denied. There have been no configuration changes or ASA upgrades done recently, and I'm not sure what can be causing this issue all of a sudden on several sites. These DVRs are working properly on the local LANs and through Remote Access - Transport Mode via VPN Client, just not through the site-to-site IPsec tunnel connections.

Any advice would be greatly appreciated.

Logs from site that will not complete connection:

6|Feb 08 2011|23:53:07|302014|192.168.1.150|10.1.6.100|Teardown TCP connection 1047 for outside:192.168.1.150/9156 to inside:10.1.6.100/16000 duration 0:00:00 bytes 1076 TCP FINs
6|Feb 08 2011|23:53:06|302013|192.168.1.150|10.1.6.100|Built inbound TCP connection 1048 for outside:192.168.1.150/9157 (192.168.1.150/9157) to inside:10.1.6.100/1600 (10.1.6.100/80)
6|Feb 08 2011|23:53:06|302013|192.168.1.150|10.1.6.100|Built inbound TCP connection 1047 for outside:192.168.1.150/9156 (192.168.1.150/9156) to inside:10.1.6.100/80 (10.1.6.100/80)

Logs from site with successful connection:

|Feb 11 2011|03:46:42|302013|192.168.1.150|10.1.14.100|Built inbound TCP connection 95357 for outside:192.168.1.150/26576 (192.168.1.150/26576) to inside:10.1.14.100/80 (10.1.14.100/80)
6|Feb 11 2011|03:46:42|302013|192.168.1.150|10.1.14.100|Built inbound TCP connection 95356 for outside:192.168.1.150/26575 (192.168.1.150/26575) to inside:10.1.14.100/80 (10.1.14.100/80)
6|Feb 11 2011|03:46:42|302013|192.168.1.150|10.1.14.100|Built inbound TCP connection 95355 for outside:192.168.1.150/26574 (192.168.1.150/26574) to inside:10.1.14.100/80 (10.1.14.100/80)
6|Feb 11 2011|03:46:41|302013|192.168.1.150|10.1.14.100|Built inbound TCP connection 95354 for outside:192.168.1.150/26573 (192.168.1.150/26573) to inside:10.1.14.100/1600 (10.1.14.100/1600)
6|Feb 11 2011|03:46:39|302013|192.168.1.150|10.1.14.100|Built inbound TCP connection 95353 for outside:192.168.1.150/26572 (192.168.1.150/26572) to inside:10.1.14.100/1600 (10.1.14.100/1600)
6|Feb 11 2011|03:46:39|302013|192.168.1.150|10.1.14.100|Built inbound TCP connection 95352 for outside:192.168.1.150/26571 (192.168.1.150/26571) to inside:10.1.14.100/1600 (10.1.14.100/1600)
6|Feb 11 2011|03:46:39|302013|192.168.1.150|10.1.14.100|Built inbound TCP connection 95351 for outside:192.168.1.150/26570 (192.168.1.150/26570) to inside:10.1.14.100/1600 (10.1.14.100/1600)
6|Feb 11 2011|03:45:20|302014|192.168.1.150|10.1.14.100|Teardown TCP connection 95347 for outside:192.168.1.150/26558 to inside:10.1.14.100/80 duration 0:00:00 bytes 3649 TCP FINs
6|Feb 11 2011|03:45:20|302014|192.168.1.150|10.1.14.100|Teardown TCP connection 95343 for outside:192.168.1.150/26554 to inside:10.1.14.100/80 duration 0:00:01 bytes 31311 TCP FINs
6|Feb 11 2011|03:45:19|302014|192.168.1.150|10.1.14.100|Teardown TCP connection 95346 for outside:192.168.1.150/26557 to inside:10.1.14.100/80 duration 0:00:00 bytes 3511 TCP FINs
6|Feb 11 2011|03:45:19|302014|192.168.1.150|10.1.14.100|Teardown TCP connection 95344 for outside:192.168.1.150/26555 to inside:10.1.14.100/80 duration 0:00:00 bytes 3600 TCP FINs
6|Feb 11 2011|03:45:19|302014|192.168.1.150|10.1.14.100|Teardown TCP connection 95345 for outside:192.168.1.150/26556 to inside:10.1.14.100/80 duration 0:00:00 bytes 1886 TCP FINs
6|Feb 11 2011|03:45:19|302014|192.168.1.150|10.1.14.100|Teardown TCP connection 95342 for outside:192.168.1.150/26553 to inside:10.1.14.100/80 duration 0:00:00 bytes 1897 TCP FINs
6|Feb 11 2011|03:45:19|302014|192.168.1.150|10.1.14.100|Teardown TCP connection 95341 for outside:192.168.1.150/26552 to inside:10.1.14.100/80 duration 0:00:00 bytes 1879 TCP FINs
6|Feb 11 2011|03:45:19|302014|192.168.1.150|10.1.14.100|Teardown TCP connection 95340 for outside:192.168.1.150/26551 to inside:10.1.14.100/80 duration 0:00:00 bytes 1880 TCP FINs
6|Feb 11 2011|03:45:19|302014|192.168.1.150|10.1.14.100|Teardown TCP connection 95339 for outside:192.168.1.150/26550 to inside:10.1.14.100/80 duration 0:00:00 bytes 1875 TCP FINs
6|Feb 11 2011|03:45:19|302014|192.168.1.150|10.1.14.100|Teardown TCP connection 95338 for outside:192.168.1.150/26549 to inside:10.1.14.100/80 duration 0:00:00 bytes 1873 TCP FINs
6|Feb 11 2011|03:45:19|302014|192.168.1.150|10.1.14.100|Teardown TCP connection 95337 for outside:192.168.1.150/26548 to inside:10.1.14.100/80 duration 0:00:00 bytes 3194 TCP FINs
6|Feb 11 2011|03:45:19|302014|192.168.1.150|10.1.14.100|Teardown TCP connection 95336 for outside:192.168.1.150/26547 to inside:10.1.14.100/80 duration 0:00:00 bytes 2199 TCP FINs
6|Feb 11 2011|03:45:19|302013|192.168.1.150|10.1.14.100|Built inbound TCP connection 95347 for outside:192.168.1.150/26558 (192.168.1.150/26558) to inside:10.1.14.100/80 (10.1.14.100/80)
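An added example, not code from the original post: it parses the pipe-delimited ASA 302013 "Built ... TCP connection" lines above and flags any connection whose inside-side real port differs from the mapped port in parentheses, which is the one visible difference between the failing-site and working-site logs (1600 vs. 80). The sample lines are copied from the post; reading that mismatch as a NAT/PAT port rewrite to be checked against each site's static NAT configuration is an assumption.

```python
import re

# %ASA-6-302013 "Built ... TCP connection" gives, for each side of the flow,
# the real address/port followed by the mapped (post-NAT) address/port in
# parentheses. When the two ports differ, a NAT/PAT rule rewrote the port
# (assumption to verify against the ASA's running configuration).
BUILT_RE = re.compile(
    r"Built (?P<dir>inbound|outbound) TCP connection (?P<id>\d+) for "
    r"(?P<src_if>\w+):(?P<src_real>[\d.]+)/(?P<src_rport>\d+) "
    r"\((?P<src_map>[\d.]+)/(?P<src_mport>\d+)\) to "
    r"(?P<dst_if>\w+):(?P<dst_real>[\d.]+)/(?P<dst_rport>\d+) "
    r"\((?P<dst_map>[\d.]+)/(?P<dst_mport>\d+)\)"
)

# Sample input copied from the post above (failing site vs. working site).
FAILING_SITE = [
    "6|Feb 08 2011|23:53:06|302013|192.168.1.150|10.1.6.100|Built inbound TCP connection 1048 for outside:192.168.1.150/9157 (192.168.1.150/9157) to inside:10.1.6.100/1600 (10.1.6.100/80)",
    "6|Feb 08 2011|23:53:06|302013|192.168.1.150|10.1.6.100|Built inbound TCP connection 1047 for outside:192.168.1.150/9156 (192.168.1.150/9156) to inside:10.1.6.100/80 (10.1.6.100/80)",
]
WORKING_SITE = [
    "6|Feb 11 2011|03:46:41|302013|192.168.1.150|10.1.14.100|Built inbound TCP connection 95354 for outside:192.168.1.150/26573 (192.168.1.150/26573) to inside:10.1.14.100/1600 (10.1.14.100/1600)",
    "6|Feb 11 2011|03:45:19|302013|192.168.1.150|10.1.14.100|Built inbound TCP connection 95347 for outside:192.168.1.150/26558 (192.168.1.150/26558) to inside:10.1.14.100/80 (10.1.14.100/80)",
]


def parse_built(line):
    """Parse one pipe-delimited ASA log line; return its fields for a 302013
    message, or None for any other message id or an unparseable line."""
    parts = line.split("|")
    if len(parts) < 7 or parts[3] != "302013":
        return None
    m = BUILT_RE.search(parts[6])
    return m.groupdict() if m else None


def find_port_translations(lines):
    """Return (conn_id, real_port, mapped_port) for each built connection
    whose inside-side real port differs from its mapped port."""
    hits = []
    for line in lines:
        f = parse_built(line)
        if f and f["dst_rport"] != f["dst_mport"]:
            hits.append((f["id"], int(f["dst_rport"]), int(f["dst_mport"])))
    return hits


if __name__ == "__main__":
    for name, lines in (("failing", FAILING_SITE), ("working", WORKING_SITE)):
        print(name, find_port_translations(lines))
```

Run against a full `show logging` export from each site to see whether only the failing ASAs rewrite port 1600.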

1 Reply

brian.holmes
Level 1

Just curious if your IPSEC frames are coming in out-of-order when this occurs.  Check the IPSEC seq # in the frames.

Brian Holmes
Verizon