IPSec VPN between ASA 5520 and an 861 - strange intermittent failure
We have about 20 861 routers connected to an ASA 5520 via IPsec site-to-site. Generally speaking, all of these tunnels are working without issue and have been for several months. The exception to this is that we have 3 locations giving us intermittent issues.
Basically we tunnel a single static public IP (assigned to the 861, which is connected to the ISP) to the ASA. Behind the 861 is a single privately addressed host (host A). This host behind the 861 receives data from one of two privately addressed hosts behind the ASA (hosts B and C) at random intervals. The hosts behind the ASA are on different but locally attached networks (e.g. 192.168.0 and 192.168.1). Both hosts behind the ASA are the traffic initiators. Host A never initiates; it only receives.
Host B and C both NAT behind a public IP on the ASA when initiating to host A. Host A is also NAT'd to the public IP on the 861. We're essentially using just public IP space within these tunnels.
Without warning, suddenly host B is unable to contact host A. The ASA simply logs a timeout. As this is happening, host C is having no issue at all contacting host A. This goes on until one of two things happens (from what I can tell): 1) we bounce the tunnel, or 2) we see the message "Responder forcing change of IPSec rekeying from 28800 to 3600 seconds". In either case host B can once again contact host A.
The other 17 locations have never experienced the issue. It is just these 3 sites giving us a problem. The configuration is identical for all of these tunnels. We did just change the SA lifetime to match on both ends, but will not know if that has any impact until tomorrow. The other sites are working just fine without us adjusting the SA lifetime.
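The "Responder forcing change of IPSec rekeying from 28800 to 3600 seconds" message above is the ASA reporting that the IPsec SA lifetime proposed by the peer (28800 s) differed from its own configured value (3600 s) and that it imposed the shorter one. The following configuration fragment is an added example, not taken from the poster's devices, showing the commands used to pin the IPsec SA lifetime to the same value on both ends, which is the change described in the post. The crypto map name, sequence number, peer address and transform set name are placeholders.

```text
! --- Before (values differ): the 861 proposes 28800 s, the ASA has 3600 s.
! ASA 5520 (hub), crypto map entry for this spoke
crypto map outside_map 10 set peer 203.0.113.10
crypto map outside_map 10 set transform-set ESP-AES-SHA
! no explicit lifetime here, so the ASA uses 3600 s for this entry

! Cisco 861 (spoke), global IPsec lifetime left at 28800 s
crypto ipsec security-association lifetime seconds 28800

! --- After (values match on both sides): 3600 s everywhere.
! ASA 5520: set the lifetime explicitly on the crypto map entry
crypto map outside_map 10 set security-association lifetime seconds 3600

! Cisco 861: set the same value globally (or per crypto map entry with
! "set security-association lifetime seconds 3600" under the map)
crypto ipsec security-association lifetime seconds 3600

! --- Verify on either box: negotiated lifetime and rekey timers per SA
show crypto isakmp sa
show crypto ipsec sa
```

After the change, the rekey message should no longer appear for that peer, and `show crypto ipsec sa` on both sides should report the same remaining lifetime for the child SAs. If host B still loses connectivity while host C does not, compare the per-SA counters for the two flows in that output rather than only the tunnel state.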