How to determine cause of ipsec tunnel dropping on ASA 5510

jessica jestol
Level 1

Is there any easy way to determine the cause of an IPsec L2L VPN tunnel dropping on an ASA 5510? I have logging enabled, but the buffer gets filled up so fast I can't find anything when it's 24 hours later. I'm working on getting a syslog server/aggregator set up, but until it's complete I need a temporary measure. Suggestions?

Accepted Solutions

Mohammad Alhyari
Cisco Employee

Hi Jessica.

For the buffered limit you can try:

Increase the buffer size to the max.

Limit the logs to the vpn class:

logging class vpn buffered debugging

On the other hand, you can try the debugs:

debug crypto condition peer peer_address

debug cry isa 128

debug cry ipsec 128

If you lose the SSH session, the debugs will be disabled. Finally, VPN tunnels usually go down due to:

Idle timeout

Dead peer detection

Delete from other end


HTH.
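
One way to turn the filtered VPN-class buffer into a per-peer drop cause once its contents have been saved off the ASA, as an added example that is not part of the original replies: it scans saved `show logging` text for session-teardown messages and maps the logged Reason to the three causes listed in the answer above. The log lines are constructed, and the message layouts and the Reason-to-cause mapping are assumptions to check against your own ASA output.

```python
import re
from collections import Counter

# Constructed sample of saved "show logging" output (not from the thread).
# Message layouts follow ASA session-teardown syslogs as an assumption.
SAMPLE_LOG = """\
Mar 03 2014 02:14:07: %ASA-5-713050: Group = 203.0.113.10, IP = 203.0.113.10, Connection terminated for peer 203.0.113.10. Reason: Peer Terminate Remote Proxy 10.1.0.0, Local Proxy 10.2.0.0
Mar 03 2014 02:14:07: %ASA-4-113019: Group = 203.0.113.10, Username = 203.0.113.10, IP = 203.0.113.10, Session disconnected. Session Type: LAN-to-LAN, Duration: 26h:11m:40s, Bytes xmt: 91822, Bytes rcv: 40177, Reason: User Requested
Mar 05 2014 19:40:52: %ASA-4-113019: Group = 203.0.113.10, Username = 203.0.113.10, IP = 203.0.113.10, Session disconnected. Session Type: LAN-to-LAN, Duration: 41h:26m:45s, Bytes xmt: 120, Bytes rcv: 0, Reason: Lost Service
Mar 06 2014 08:01:13: %ASA-6-302013: Built outbound TCP connection 4411 for outside:198.51.100.7/443 to inside:10.2.0.5/51514
Mar 07 2014 23:59:30: %ASA-5-713050: Group = 198.51.100.20, IP = 198.51.100.20, Connection terminated for peer 198.51.100.20. Reason: IPSec SA Idle Timeout Remote Proxy 10.3.0.0, Local Proxy 10.2.0.0
"""

# Timestamp, message ID, peer address and the text after "Reason:".
LINE_RE = re.compile(
    r"^(?P<ts>.+?): %ASA-\d-(?P<msgid>\d{6}): .*?IP = (?P<peer>[\d.]+),"
    r".*?Reason: (?P<reason>.+?)(?:\s+Remote Proxy.*)?$"
)

# Assumed mapping from the logged Reason text to the causes named in the answer.
CAUSES = (
    ("idle", "idle timeout"),
    ("lost service", "dead peer detection"),
    ("peer terminate", "delete from other end"),
)

def classify(reason):
    low = reason.lower()
    for needle, cause in CAUSES:
        if needle in low:
            return cause
    return "other: " + reason  # keep unmapped reasons visible, do not guess

def teardown_events(log_text):
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # lines without a peer IP and a Reason field are skipped
            events.append((m["ts"], m["peer"], m["msgid"], classify(m["reason"])))
    return events

def summarize(log_text):
    return Counter((peer, cause) for _, peer, _, cause in teardown_events(log_text))

if __name__ == "__main__":
    for ts, peer, msgid, cause in teardown_events(SAMPLE_LOG):
        print(f"{ts}  peer={peer}  msg={msgid}  cause={cause}")
```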

3 Replies

I can't use the debugs because the drop is intermittently occurring anywhere from 1-5 days apart...

@Mohammad Alhyari  - Do you have any response to this ticket reply?