07-26-2011 02:08 AM
Hi there,
I have set up an IPsec L2L VPN between an ASA5510 and an ASA5505, which is working just fine.
Every now and then our management station receives the following syslog message:
Session disconnected. Session Type: IPsec, Duration: 2h:23m:23s, Bytes xmt: 3283338, Bytes rcv: 8637607, Reason: Phase 2 Error
I have already searched the forum for this message to exclude all the possible reasons for this message:
- the complete crypto maps are the same on both ends (lifetime, psk, pfs etc)
- the ACLs used in the crypto maps are exactly the opposite of each other
9 IKE Peer: xxx-xxx
Type : L2L Role : initiator
Rekey : no State : MM_ACTIVE
Encrypt : aes-256 Hash : SHA
Auth : preshared Lifetime: 28800
1 IKE Peer: yyy-yyy
Type : L2L Role : responder
Rekey : no State : MM_ACTIVE
Encrypt : aes-256 Hash : SHA
Auth : preshared Lifetime: 28800
Does anybody know why this error occurs?
As you can see, the tunnel has been up and running for almost 2,5 hours.
Thanks in advance
07-26-2011 06:50 AM
Frequently the reason for session disconnect is that there has been packet loss or some temporary loss of connectivity at one of the peers.
My suggestion would be to check in the logs of both ASAs around the time that this syslog was generated and see if there are any other log messages on the ASA that might shed light on what was happening.
HTH
Rick
07-27-2011 06:53 AM
Hi,
Two questions:
- is the time for shutdown always the same (mean duration)?
- is there any utilization of your line?
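
An added example, not part of any post in this thread: one way to run the two checks suggested above over a combined log from both ASAs, listing what else was logged around each disconnect and comparing session durations across disconnects. The timestamp prefix, the host names and the "(constructed)" neighbour lines are assumptions; only the disconnect text follows the message quoted in the first post.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: timestamp prefix, host names and "(constructed)" lines
# are assumptions; the disconnect text follows the message quoted in the thread.
SAMPLE = """\
2011-07-26 02:05:40 asa5510 (constructed) neighbouring message A
2011-07-26 02:06:01 asa5510 Session disconnected. Session Type: IPsec, Duration: 2h:23m:23s, Bytes xmt: 3283338, Bytes rcv: 8637607, Reason: Phase 2 Error
2011-07-26 02:06:03 asa5505 (constructed) neighbouring message B
2011-07-26 03:30:00 asa5505 (constructed) unrelated message C
2011-07-26 04:29:30 asa5510 Session disconnected. Session Type: IPsec, Duration: 2h:23m:21s, Bytes xmt: 1200, Bytes rcv: 3400, Reason: Phase 2 Error
"""

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\S+) (.*)$")
DISC = re.compile(r"Session disconnected\. Session Type: ([^,]+), Duration: "
                  r"(\d+)h:(\d+)m:(\d+)s, .*Reason: (.+)$")

def parse(text):
    """Return (timestamp, host, message) for every well-formed line."""
    hits = (LINE.match(raw) for raw in text.splitlines())
    return [(datetime.strptime(m[1], "%Y-%m-%d %H:%M:%S"), m[2], m[3])
            for m in hits if m]

def disconnects(entries):
    """Return (timestamp, duration, reason) for each session disconnect."""
    found = []
    for ts, _host, msg in entries:
        m = DISC.search(msg)
        if m:
            dur = timedelta(hours=int(m[2]), minutes=int(m[3]), seconds=int(m[4]))
            found.append((ts, dur, m[5]))
    return found

def context(entries, when, window=timedelta(seconds=60)):
    """Other messages from either peer logged within +/- window of a disconnect."""
    return [e for e in entries
            if abs(e[0] - when) <= window and not DISC.search(e[2])]

def duration_spread(events):
    """Seconds between the shortest and longest session before disconnect."""
    secs = [d.total_seconds() for _ts, d, _r in events]
    return max(secs) - min(secs) if secs else 0.0

if __name__ == "__main__":
    entries = parse(SAMPLE)
    for ts, dur, reason in disconnects(entries):
        print(ts, dur, reason, [e[2] for e in context(entries, ts)])
    print("duration spread (s):", duration_spread(disconnects(entries)))
```

The comparison only works if both ASAs log against the same clock, so check time synchronisation on the two devices before trusting the window.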