Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
404
Views
0
Helpful
1
Replies

Site-to-Site VPN disconnection issue

hxmengmetro
Level 1
Level 1

‎11-15-2010 07:10 AM

Hi All,

I have successfully setup one site-to-site VPN connection between ASA5510 and 851 router. The VPN connection dropped twice last week. According to the monitoring system, the first disconnection lasted 2 minutes and 2nd one lasted 49 minutes. WAN connection in 851 router is through a bridged WiMAX connection. I checked the 851 router's log and didn't find any disconnection about WAN. No LAN disconnection either. So there was no obvious physical disconnection when the VPN dropped.

The only thing I can come up with is the WiMAX wan connection may have some larger delay some time which could cause VPN connection drop. The current IKE keepalive in ASA is 10 seconds. I didn't change the keepalive setting in 851. Is there any possiblity that long delay cause the keepalive fail? But 10 seconds should be long enough to cause the WAN disconnection. I can do a debug on the routers, but this disconnection is not very often. The connection has been stable for 3 days since last drop.

By the way, is there any optimized setting which can make reconnection faster if VPN dropped?

Please help. Any ideas will be greatly appreciated.

Lou

Labels:
0 Helpful
1 Reply 1

hxmengmetro
Level 1
Level 1

‎11-15-2010 07:24 AM

I just googled some similar issues like mine. Someone said the "ip tcp adjust-mss 1452" in 851 may cause the disconnection. I will go ahead to remove this command and see what will happen.

Lou

0 Helpful
Customers Also Viewed These Support Documents