07-05-2011 10:20 AM
Hello,
We have an ASA 5510 and are having issues supporting a client in Europe. After about 5 minutes (sometimes it will last up to 30 minutes) we drop the connection with Reason 412: The remote peer is no longer responding. We are using the Cisco VPN client with the newest software version. We have also tried this on both 32 bit and 64 bit OS's. We have no issues VPNing to any other clients or with anyone VPNing into us. It's only with the client in Europe. We are able to VPN into their US site without any problems. They also claim they have no issues with anyone else VPNing into them.
Is there something on our end that could be the culprit or is it likely a problem with them? Thanks for your help with this... I'm really not sure what else to check.
Mitch
07-05-2011 10:37 AM
You will want to debug a problem client session on your 5510 while collecting a clean set of logs on the client. This will provide additional details that can be used to isolate the problem further.
Crypto Debugs:
ASA5505-01# debug crypto condition peer 1.1.1.1 <-IP of test client exhibiting the problem
ASA5505-01# deb cry isa 200
ASA5505-01# deb cry ipsec 200
Client Logging:
07-21-2011 07:02 AM
Thanks for the advice. I'm having a difficult time getting any information debugged. The CLI on the ASA (at least this model) doesn't seem as fluid as the other Cisco IOSs I've worked with. Term mon doesn't seem to work (unless I'm doing something wrong).
Anyway, I'm entering the commands you suggested but am not seeing any output in the syslogs, the telnet session or the ASDM itself. I've gone through the ASDM and set all the logging levels to debug but still don't see any info. I'm not sure what I'm doing wrong. Also, for the peer IP you recommended setting, is that the IP of the actual NIC on the machine, or the IP the VPN client is receiving? Thanks for your help.
mitch
09-23-2011 01:02 PM
Does anyone else have any suggestions? Here is some updated information:
There is 1 other customer that we are having issues supporting... they ARE in the U.S. (unlike the other customer we are having issues with)
Our ASA is configured to use ipsec over udp to accept incoming connections. The client we are using to connect to them is configured to use ipsec over tcp (per their request). Could this be an issue or is it irrelevant?
We were able to establish a connection through another ISP that was not going through our ASA.
Any thoughts? Thanks in advance!