Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
817
Views
0
Helpful
3
Replies

IPsec L2L vpn not stable

ronald.su
Level 1
Level 1

‎05-19-2019 07:08 PM - edited ‎02-21-2020 09:39 PM

hey guys,

 

I have a lan 2 lan ipsec vpn (thur 2 ASA ), but it's not stable, it will disconnect 2 to 5 time per day randomly.

as I check , it's not cause by sa / isakmp expired, and the internet network connection is good.

i wondering if there any command or switch can let me check the log?

thanks

1 person had this problem
Labels:
0 Helpful
3 Replies 3

mclaughlinm9
Level 1
Level 1

‎05-19-2019 07:42 PM

Under the group policy associated to the vpn tunnel, can you try changing the idle timeout value and also the maximum connect time?
0 Helpful

ronald.su
Level 1
Level 1
In response to mclaughlinm9

‎05-20-2019 12:57 AM

i didn't set any idle time, and policy set as below:

crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime none

 

0 Helpful

mclaughlinm9
Level 1
Level 1
In response to ronald.su

‎05-20-2019 06:09 AM

This is a default, that is probably getting inherited from the default group policy if you didn't set it on the group policy attached to the vpn. You can check this:

show run all group-policy <vpns group policy>

If you don't find " vpn-idle-timeout " after running this, then it's being inherited from the default group policy.
you can check the value for the default group policy using:

show run all group-policy DfltGrpPolicy

0 Helpful
Customers Also Viewed These Support Documents