
IPsec VPN drops after 8 hours.

kamrannaseem1
Level 1

Hello,

 

We have an IPsec VPN on Cisco ASA 9.6(2) and it keeps dropping after 8 hours.

The other end is using strongSwan. We have checked the phase 1 and phase 2 settings at both ends and they look OK.

Please see the attached logs and the phase 1 and phase 2 settings from the Cisco ASA.

 

Any help will be much appreciated.

Phas1_Phas2_settings.PNG

 

3 Replies

Rahul Govindan
VIP Alumni

8 hours is the default lifetime for the Phase 2 tunnel. It could be possible that the rekey process, which is supposed to take place before that 8-hour time comes about, is failing with strongSwan.

There seems to have been an issue with strongSwan more than a year ago, as detailed at this link:

https://wiki.strongswan.org/issues/1293

You might want to run the following debugs on the ASA some time before the 8-hour time period to get some more info on what is failing:

 

debug crypto ikev2 protocol 127
debug crypto ikev2 platform 127

 

Thank you Rahul,

 

Please see the attached debugs.

Hi Rahul,

Did you manage to spot any issue as per the debug info provided?