07-08-2012 11:41 AM
Hi,
My VPN tunnel goes down approximately every 2 hrs and resets automatically after 40-50 min. But if I reset the tunnel in between, it comes up. I have a Cisco ASA 5520, and a Check Point UTM-1 Edge at the other end. What could be the issue? When the tunnel is down, I am getting this message in the ASA firewall logs: "Received encrypted packet with no matching SA, dropping".
Thanks,
Sridhar
07-14-2012 10:08 AM
Hi,
It is normal to see this during rekey and it should not cause a problem.
However, in your case it is causing the tunnel to be down for 45 minutes. Kindly check the following:
Phase 2 lifetime at both ends; it should be matching.
Also check these at the time of the failure:
debug crypto isakmp 128
debug crypto ipsec 128
Hope that this helps.
Mohammad.
07-15-2012 11:20 AM
07-15-2012 11:55 AM
Hi,
Please check the following:
What are the phase 1 and phase 2 lifetimes used on the other side of the tunnel?
Cheers.
Mohammad
07-15-2012 06:13 PM
Phase 1 - 86400 sec
Phase 2 - 8 hrs (28800 sec)
What else can I check to find out the same?
11-03-2013 09:04 PM
Hi Sridhar,
What I was thinking is that there were multiple Security Associations (SAs) tied to the same traffic defined by the crypto map. That means that the router on the other end is also receiving the same message.
Regards,
Gurpreet S Puri
****************************
Keep Smiling, Peace
****************************
(Please Rate Helpful Post)