03-31-2011 01:03 AM
Hi,
I have some remote locations that connect to my ASA 5510 cluster (Active/Passive) using the Cisco VPN Client, from which the connection gets disconnected at random intervals (could be 5 minutes, but sometimes after 15 minutes).
However, some other remote locations do not have this problem. All locations have the same VPN client configuration (distributed by pcf file).
I already disabled isakmp keepalive on the ASA but this did not help.
If I read it correctly, the Cisco vpn client logging shows that the ASA initiates the ending of the connection.
Does anyone know how to solve this? My customers are getting a bit desperate because of this problem...
847 09:13:12.015 03/31/11 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:DPD_ACK) from <ASA external IP>
848 09:13:12.015 03/31/11 Sev=Info/5 IKE/0x63000040
Received DPD ACK from <ASA external IP>, seq# received = 2407369668, seq# expected = 2407369668
849 09:13:15.453 03/31/11 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = <ASA external IP>
850 09:13:15.453 03/31/11 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, DEL) from <ASA external IP>
851 09:13:15.453 03/31/11 Sev=Info/5 IKE/0x63000018
Deleting IPsec SA: (OUTBOUND SPI = 777EE593 INBOUND SPI = 4981296D)
852 09:13:15.453 03/31/11 Sev=Info/4 IKE/0x63000049
Discarding IPsec SA negotiation, MsgID=16F2FFA9
853 09:13:15.453 03/31/11 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = <ASA external IP>
854 09:13:15.453 03/31/11 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, DEL) from <ASA external IP>
855 09:13:15.453 03/31/11 Sev=Info/5 IKE/0x6300003C
Received a DELETE payload for IKE SA with Cookies: I_Cookie=B0E96D7EEC290AE5 R_Cookie=84231BD425460877
856 09:13:15.453 03/31/11 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=B0E96D7EEC290AE5 R_Cookie=84231BD425460877) reason = PEER_DELETE-IKE_DELETE_UNSPECIFIED
857 09:13:15.500 03/31/11 Sev=Info/4 IPSEC/0x63700013
Delete internal key with SPI=0x6d298149
858 09:13:15.500 03/31/11 Sev=Info/4 IPSEC/0x6370000C
Key deleted by SPI 0x6d298149
859 09:13:15.500 03/31/11 Sev=Info/4 IPSEC/0x63700013
Delete internal key with SPI=0x93e57e77
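An added example, not part of the original post: a small parser for the Cisco VPN Client log layout shown above (a header line followed by a message line) that reports which side sent the first DEL payload, how long before it the last DPD ACK arrived, and the logged deletion reason. The sample is a constructed excerpt of the post's log with 192.0.2.1 as a placeholder peer address; the function names and the SENDING >>> case for a client-initiated delete are assumptions of this example.

```python
import re
from datetime import datetime

# Constructed excerpt in the log layout from the post (header line, then
# message line); 192.0.2.1 is a placeholder for the ASA external IP.
SAMPLE_LOG = """\
847 09:13:12.015 03/31/11 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:DPD_ACK) from 192.0.2.1
850 09:13:15.453 03/31/11 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, DEL) from 192.0.2.1
856 09:13:15.453 03/31/11 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=B0E96D7EEC290AE5 R_Cookie=84231BD425460877) reason = PEER_DELETE-IKE_DELETE_UNSPECIFIED
"""

HEADER = re.compile(r"^(\d+)\s+(\d\d:\d\d:\d\d\.\d{3})\s+(\d\d/\d\d/\d\d)\s+Sev=\S+\s+(\S+)$")
PACKET = re.compile(r"^(RECEIVING <<<|SENDING >>>) ISAKMP OAK \S+ \*?\((.*)\)")

def parse(text):
    """Pair each header line with the message line(s) that follow it."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(3) + " " + m.group(2), "%m/%d/%y %H:%M:%S.%f")
            records.append({"seq": int(m.group(1)), "time": ts, "msg": ""})
        elif records and line.strip():
            records[-1]["msg"] = (records[-1]["msg"] + " " + line.strip()).strip()
    return records

def teardown_summary(records):
    """Find the first DEL payload: who sent it, and the gap since the last DPD ACK."""
    last_dpd_ack, result = None, None
    for r in records:
        pkt = PACKET.match(r["msg"])
        payloads = [p.strip() for p in pkt.group(2).split(",")] if pkt else []
        if "NOTIFY:DPD_ACK" in payloads and pkt.group(1).startswith("RECEIVING"):
            last_dpd_ack = r["time"]
        if "DEL" in payloads and result is None:
            side = "peer" if pkt.group(1).startswith("RECEIVING") else "client"
            gap = (r["time"] - last_dpd_ack).total_seconds() if last_dpd_ack else None
            result = {"initiator": side, "seq": r["seq"], "secs_since_dpd_ack": gap, "reason": None}
        m = re.search(r"reason = (\S+)", r["msg"])
        if m and result and result["reason"] is None:
            result["reason"] = m.group(1)
    return result

if __name__ == "__main__":
    print(teardown_summary(parse(SAMPLE_LOG)))
```

Run over logs from an affected and an unaffected location, the same summary makes it easy to compare whether every drop is a peer-sent DEL and how recently DPD was still being acknowledged.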
03-31-2011 01:54 AM
I have had this issue before - and it turned out that the remote users' provider (they were all using the same one) had BGP issues with the Internet IP range the VPN was on.
Check your providers.
HTH
03-31-2011 02:15 AM
Hi,
I have some additional information:
- The ASAs are a replacement for 2 515 PIXes. On the PIXes, all connections were stable.
- ASA was upgraded from 8.3.1 to 8.3.2(13); this did not improve stability.
Internet providers of the remote locations are being checked now.