cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
705
Views
4
Helpful
3
Replies

Tunnel Drops

scottwclarke
Level 1
Level 1

Hi Having a weird issue between a ASA 5505 and ASA 5520 both are running 804-K8.

The tunnel will remain up for around 8 Hours then drop. It will then be down for about 30 seconds before coming back up.

This wasn't a problem until we started replicating across the tunnel and the drops crash the replication.

We have upped the timeouts and neither of them are now breached.

I have been hitting my head against this for a while now and any help would be gratefully received.

The errors when this happens are

2009-06-05 01:12:40 Local4.Notice LocalIP Jun 05 2009 01:10:33: %ASA-5-713041: Group = PublicIP, IP = PublicIP, IKE Initiator: Rekeying Phase 2, Intf outside, IKE Peer publicIP local Proxy Address localrange, remote Proxy Address remoterange, Crypto map (vpn)

2009-06-05 01:13:12 Local4.Error LocalIP Jun 05 2009 01:11:05: %ASA-3-713902: Group = PublicIP, IP = publicIP, QM FSM error (P2 struct &0xd4f53f60, mess id 0x89aa93ae)!

2009-06-05 01:13:12 Local4.Alert LocalIP Jun 05 2009 01:11:05: %ASA-1-713900: Group = PublicIP, IP = PublicIP, construct_ipsec_delete(): No SPI to identify Phase 2 SA!

2009-06-05 01:13:12 Local4.Warning Localnetwork Jun 05 2009 01:11:05: %ASA-4-113019: Group = PublicIP, Username = PublicIP, IP = publicIP, Session disconnected. Session Type: IPsec, Duration: 8h:35m:58s, Bytes xmt: 3210418510, Bytes rcv: 188159058, Reason: Phase 2 Error

These are coming when the tunnel drops, I would normally say there was a miss-configured endpoint or IP typo but the tunnel comes up and is fairly stable, it looses about 30 seconds every 8 hours, but unfortunately this is to much for the tunnels purpose.

Thanks,

Scott

3 Replies 3

vkapoor5
Level 5
Level 5

If you are using an ASA running software version 7.1 then it is bug CSCse29700. WebVPN and SSL VPN Client sessions to an ASA running software version 7.1 are intermittently disconnected As a workaround, perform either of these steps:

Reload the Cisco Adaptive Security Appliance (ASA) until the issue is resolved.

Download and upgrade the ASA software to any one of these versions:

7.2(1.3)

Hi thanks for the reply but I am running 8.03 is the problem still occuring in this build?

scottwclarke
Level 1
Level 1

Sorry to bump this but it is a real problem while moving large files between sites.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: