IPSec drops and stopp at MSG2

Jon Are Endrerud · ‎12-18-2013

We have a reoccuring problem with a site to site tunnel. It will work for 1 to 15 days, then drop and both sides will then stop at MSG2. It seems like both sides don't see eachother. Ping and other protocols work during this. Sometimes it help to reboot one of the sides.

Site A (we have tried Cisco ASA 5550 and 5555x on two diffrent fiber connections)
Site B (using Palo Alto, also tried Fortigate, used the same ISP provider the hole time).

We have also used AES, 3DES, MD5.

When the sites reconnect, all logs and negotiating seems normal.

I have researched this for months without luck, can anyone help me?

Sent from Cisco Technical Support iPad App

Please rate as helpful, if that would be the case. Thanx

Jon Are Endrerud · ‎12-19-2013

Also tried a Cisco 5505 from location B, same problems occur, the ASAs are starting to report duplicate phase1 packets.

After trying five diffrent units from Cisco 5555x, 5550, 5505, Palo Alto, Fortigate and two diffrent fiber providers at site A, i must assume the problem has something to do with the ISP at site B.

Anyone agree?

Sent from Cisco Technical Support iPhone App

Please rate as helpful, if that would be the case. Thanx

IPSec drops and stopp at MSG2

Doc - Troubleshooting Drops en NCS 5500 - Service Provider

IPSec DVTI /SVTI issue

XR: "show drops-all" コマンドが実行できない

Lab - Configuração DMVPN com IPsec

原创翻译：Output drops ,Input queue drops & Hold queues