
CSCup37416 - Stale VPN Context entries cause ASA to stop encrypting traffic

Hi All,

Does anyone have a permanent fix for this issue? One of the customer VPN connections suddenly stops the traffic and the connection is lost. This is becoming a regular issue and would need a permanent fix immediately. My current firewall ISO is ASA Version 9.1(6).

Issue :

Stale VPN Context entries cause ASA to stop encrypting traffic

ASAs which had a working L2L VPN tunnel suddenly stop encrypting traffic.

The ASP table will show duplicate ASP entries and traffic is hitting an ASP entry
that is stale and the traffic for particular SA is blackholed.

1 Reply

ciscosureshn
Level 1

Praveen,

Tried the Cisco workarounds?

Potential workarounds:

1) Disable data-based rekeying:
"crypto map set security-association lifetime kilobytes unlimited"

2) clear crypto ipsec sa inactive

3) Use IKEv1

Let me know once applied.