EZVPN Through ASA Dropping

Justin Lenhart · ‎03-31-2011

I have an ASA5505 behind an ASA5505 that uses EZVPN to create a VPN to our office. The tunnel drops every 12hrs. This setup used to work when I had a linksys router as my edge device at home. I recently acquired an ASA 5505 to replace the linksys. Below is a cheesy diagram of how things are setup.

EZVPN Client(ASA5505)---ASA5505----Internet----Headend ASA

I'll be posting the config of the EZVPN ASA and the edge ASA at my home in a few. I also have some syslog messages from the EZVPN ASA but I couldn't find any good syslog messages from the edge ASA.... I couldn't find any messages that state that the connection is being blocked.

Justin Lenhart · ‎03-31-2011

Here are the two configs.

Justin Lenhart · ‎04-04-2011

Here is a syslog message I get on the EZVPN ASA when the tunnel goes down.

Mar 16 2011 21:21:37: %ASA-4-113019: Group = X.X.X.X, Username = X.X.X.X, IP = X.X.X.X, Session disconnected. Session Type: IPsecOverNatT, Duration: 12h:01m:44s, Bytes xmt: 21336464, Bytes rcv: 2543163, Reason: Lost Service

demon.razgriz · ‎04-11-2011

Its sound like a well know bug on vpn connection, the reason is for the feature called DPD, its detect a comunication issue and its down the vpn connection.

Justin Lenhart · ‎04-11-2011

Any known work around?

demon.razgriz · ‎04-12-2011

I think that the workaround is deactivate DPD, the problem its related to the client not to the server.

tell how its result