Solved: Juniper Firewall to cisco asa 5540 VPN drops every 45 mins

markjwalmsley · ‎10-11-2012

Hi All - We have a VPN established between the above devices (I don't have more info on the Juniper as it's a client site) The Juniper initiates the VPN and all is well, tunnel is up all ok but approx every 45 minutes the VPN drops.

Any ideas what this could be and what we can do to narrow down the problem, the tunnel parameters are set to keep it alive for 8 hours but that doesn't help.

Many thanks for your help in advance

Cheers

Mark.

Stephen Carter · ‎10-11-2012

Mark,

I think you'll find that if you have NTP set to an official source, ie not manually set then the link will stay up.

The issues is something to do with the clocks at each end going out of sync then resetting themselves periodically.

Hope this helps,

Stephen

View solution in original post

Jennifer Halim · ‎10-11-2012

Disable the ISAKMP keepalive or any other DPD/keepalive on both the ASA and Juniper firewall.

Keepalive is not compatible between 2 different vendors.

markjwalmsley · ‎10-11-2012

Thanks Jeniffer that's useful to know - it seems Stephen's answer below is the one that's fixed it though.

Many thanks for your help!!

Jennifer Halim · ‎10-11-2012

Great.. I am learning new thing everyday

Stephen Carter · ‎10-11-2012

Mark,

I think you'll find that if you have NTP set to an official source, ie not manually set then the link will stay up.

The issues is something to do with the clocks at each end going out of sync then resetting themselves periodically.

Hope this helps,

Stephen