11-03-2013 10:34 PM
Hi,
I have an issue with a site-to-site VPN using IPSec.
I have several tunnels all configured the same and this is the only one with the issue. It looks like the VPN is dropped when the remote peer pings the internal IP (172.16.30.88). The tunnel drops after 7-8 secs.
I got this message when enabling isakmp debug :
Nov 04 17:20:32 [IKEv1]Group = 2XX.YY.140.135, IP = XX.YY.140.135, Session is being torn down. Reason: User Requested
I would really appreciate some advice about how to troubleshoot this issue, as I am new to ASA.
Here are some more logs :
Thanks in advance !
5|Nov 04 2013|16:53:19|713904|||||IP = XX.YY.140.135, Received encrypted packet with no matching SA, dropping
4|Nov 04 2013|16:53:19|113019|||||Group = XX.YY.140.135, Username = XX.YY.140.135, IP = XX.YY.140.135, Session disconnected. Session Type: LAN-to-LAN, Duration: 0h:00m:10s, Bytes xmt: 608, Bytes rcv: 128, Reason: User Requested
5|Nov 04 2013|16:53:19|713259|||||Group = XX.YY.140.135, IP = XX.YY.140.135, Session is being torn down. Reason: User Requested
6|Nov 04 2013|16:53:19|302020|172.16.10.19|0|172.16.10.254|0|Built inbound ICMP connection for faddr 172.16.10.19/0 gaddr 172.16.10.254/0 laddr 172.16.10.254/0
6|Nov 04 2013|16:53:19|602304|||||IPSEC: An inbound LAN-to-LAN SA (SPI= 0x0864D3AB) between XX.YY.140.135 and 202.171.68.14 (user= XX.YY.140.135) has been deleted.
6|Nov 04 2013|16:53:19|602304|||||IPSEC: An outbound LAN-to-LAN SA (SPI= 0x94F43112) between 202.171.68.14 and XX.YY.140.135 (user= XX.YY.140.135) has been deleted.
5|Nov 04 2013|16:53:18|713050|||||Group = XX.YY.140.135, IP = XX.YY.140.135, Connection terminated for peer XX.YY.140.135. Reason: Peer Terminate Remote Proxy 192.168.0.0, Local Proxy 172.16.30.88
6|Nov 04 2013|16:53:18|302020|172.16.30.88|0|192.168.0.1|26299|Built outbound ICMP connection for faddr 192.168.0.1/26299 gaddr 172.16.30.88/0 laddr 172.16.30.88/0
6|Nov 04 2013|16:53:18|302020|192.168.0.1|26299|172.16.30.88|0|Built inbound ICMP connection for faddr 192.168.0.1/26299 gaddr 172.16.30.88/0 laddr 172.16.30.88/0
5|Nov 04 2013|16:53:08|713120|||||Group = XX.YY.140.135, IP = XX.YY.140.135, PHASE 2 COMPLETED (msgid=f141e93e)
6|Nov 04 2013|16:53:08|602303|||||IPSEC: An inbound LAN-to-LAN SA (SPI= 0x0864D3AB) between 202.171.68.14 and XX.YY.140.135 (user= XX.YY.140.135) has been created.
6|Nov 04 2013|16:53:08|602303|||||IPSEC: An outbound LAN-to-LAN SA (SPI= 0x94F43112) between 202.171.68.14 and XX.YY.140.135 (user= XX.YY.140.135) has been created.
5|Nov 04 2013|16:53:08|713049|||||Group = XX.YY.140.135, IP = XX.YY.140.135, Security negotiation complete for LAN-to-LAN Group (XX.YY.140.135) Responder, Inbound SPI = 0x0864d3ab, Outbound SPI = 0x94f43112
5|Nov 04 2013|16:53:08|713119|||||Group = XX.YY.140.135, IP = XX.YY.140.135, PHASE 1 COMPLETED
6|Nov 04 2013|16:53:08|113009|||||AAA retrieved default group policy (CLT_TEASOA_L2L_GroupPolicy) for user = XX.YY.140.135
6|Nov 04 2013|16:53:08|713172|||||Group = XX.YY.140.135, IP = XX.YY.140.135, Automatic NAT Detection Status: Remote end is NOT behind a NAT device This end is NOT behind a NAT device
03-12-2014 10:58 AM
Hi Florian,
Is the tunnel coming up?
If so, and it goes down after a short time, sometimes this could be related to session timeout issues.
Try to configure SLA with infinite ping and see if this works.
sla monitor x
 type echo protocol ipIcmpEcho sla_monitor_address interface outside_interface
 frequency 5
 exit
sla monitor schedule 1 life forever start-time now
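One way to turn the log lines in the first post into a timeline, as an added example that is not part of the original posts: it pairs SA creation (602303) with deletion (602304) by SPI to get the tunnel lifetime, and pulls out the logged teardown reasons. It assumes the pipe-delimited export layout seen above; the function names are hypothetical.

```python
import re
from datetime import datetime

# Lines copied from the first post (layout: severity|date|time|msg id|src|sport|dst|dport|text).
SAMPLE = """\
5|Nov 04 2013|16:53:19|713259|||||Group = XX.YY.140.135, IP = XX.YY.140.135, Session is being torn down. Reason: User Requested
6|Nov 04 2013|16:53:19|602304|||||IPSEC: An inbound LAN-to-LAN SA (SPI= 0x0864D3AB) between XX.YY.140.135 and 202.171.68.14 (user= XX.YY.140.135) has been deleted.
5|Nov 04 2013|16:53:18|713050|||||Group = XX.YY.140.135, IP = XX.YY.140.135, Connection terminated for peer XX.YY.140.135. Reason: Peer Terminate Remote Proxy 192.168.0.0, Local Proxy 172.16.30.88
6|Nov 04 2013|16:53:08|602303|||||IPSEC: An inbound LAN-to-LAN SA (SPI= 0x0864D3AB) between 202.171.68.14 and XX.YY.140.135 (user= XX.YY.140.135) has been created.
"""

SPI_RE = re.compile(r"An (inbound|outbound) LAN-to-LAN SA \(SPI= (0x[0-9A-Fa-f]+)\).* has been (created|deleted)")
REASON_RE = re.compile(r"Reason: (.+?)(?:\s+Remote Proxy (\S+), Local Proxy (\S+))?$")

def parse(text):
    """Return (timestamp, message id, text) tuples, oldest first."""
    rows = []
    for line in text.splitlines():
        parts = line.split("|", 8)
        if len(parts) != 9:
            continue  # not a 9-field export line
        ts = datetime.strptime(parts[1] + " " + parts[2], "%b %d %Y %H:%M:%S")
        rows.append((ts, parts[3], parts[8]))
    return sorted(rows, key=lambda r: r[0])

def sa_lifetimes(text):
    """Map (direction, SPI) to the seconds between SA creation and deletion."""
    created, lifetimes = {}, {}
    for ts, msgid, msg in parse(text):
        m = SPI_RE.search(msg)
        if not m or msgid not in ("602303", "602304"):
            continue
        key = (m.group(1), m.group(2).lower())
        if m.group(3) == "created":
            created[key] = ts
        elif key in created:
            lifetimes[key] = int((ts - created.pop(key)).total_seconds())
    return lifetimes

def teardown_reasons(text):
    """List (time, message id, reason, remote proxy, local proxy) in time order."""
    out = []
    for ts, msgid, msg in parse(text):
        m = REASON_RE.search(msg)
        if m and msgid in ("713050", "713259", "113019"):
            out.append((ts.strftime("%H:%M:%S"), msgid, m.group(1), m.group(2), m.group(3)))
    return out
```

Run over the full export, the earliest teardown entry and its proxy pair show which side ended the session and for which traffic selector.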