Site to Site VPNs Bouncing

OTO5H120808
Level 1

I have a Cisco 3825 running C3825-ADVSECURITYK9-M, Version 15.1(2)T1.

There are three static site-to-site VPNs talking to 5505s.

All have been in and running for months.

Then one of the VPNs went down due to a circuit issue.

This caused the other two VPNs to bounce up and down, even though they are on completely different facilities.

Debug isakmp was madly generating error messages for all three VPNs.

When I removed the circuit-affected VPN by removing its ACL, the other two came up solidly.

Once the circuit was fixed, I added it back in and all is now fine.

How can this happen? There is no way a physical layer issue on one VPN should affect the others with their own functioning circuits.

Advice, please?

/fred

1 Reply

Jennifer Halim
Cisco Employee

Based on the information provided, my guess would be that the VPN that has the circuit issue is actually causing the ASA5505 high CPU, etc., which in turn causes the other 2 VPNs, which have no issue, to bounce up and down. As you say, the facilities for the 3 VPNs are completely separate, and the common point of failure seems to point to the ASA firewall.

So in summary, here is my theory:

The VPN with the circuit down probably causes the ASA to have high CPU, or a memory leak, that causes the other 2 VPN tunnels to bounce up and down.