
CSCup37416 - Stale VPN Context entries cause ASA to stop encrypting traffic

Hi All,

Does anyone have a permanent fix for this issue? One of the customer VPN connections suddenly stops the traffic and the connection is lost. This is becoming a regular issue and would need a permanent fix immediately. My current firewall ISO is ASA Version 9.1(6).

Issue :

Stale VPN Context entries cause ASA to stop encrypting traffic

ASAs which had a working L2L VPN tunnel suddenly stop encrypting traffic.

The ASP table will show duplicate ASP entries and traffic is hitting an ASP entry that is stale and the traffic for a particular SA is blackholed.


Kanwaljeet Singh
Cisco Employee

Hi Praveen,

Developers are working on it and there is no permanent fix yet. But you can try the workarounds below:

1) Disable data-based rekeying:
"crypto map <map-name> <seq-num> set security-association lifetime kilobytes unlimited"

2) clear crypto ipsec sa inactive

3) Use IKEv1

You can also open a TAC case for further information and you might also be offered to run a debug image to get more details around the issue.

Regards,

Kanwal

Note: Please mark answers if they are helpful.