07-22-2014 05:53 AM
Hello,
I have a VPN between my on-premises servers and MS Azure, and it disconnects roughly every minute.
I have attached a debug file generated in ASDM.
192.168.213.0 is the Azure Network and 10.xx.x.x are the on premise networks.
I don't know why this is happening:
7|Jul 22 2014|14:41:21|713906|||||Ignoring msg to mark SA with dsID 255590400 dead because SA deleted
4|Jul 22 2014|14:41:21|113019|||||Group = AZ.UR.E.IP, Username = AZ.UR.E.IP, IP = AZ.UR.E.IP, Session disconnected. Session Type: IPsec, Duration: 0h:00m:58s, Bytes xmt: 4438, Bytes rcv: 7604, Reason: User Requested
5|Jul 22 2014|14:41:21|713259|||||Group = AZ.UR.E.IP, IP = AZ.UR.E.IP, Session is being torn down. Reason: User Requested
Any idea?
The configuration is the default configuration provided by Azure.
Thanks.
07-23-2014 12:23 AM
Hello,
I have finally solved the issue: it is mandatory to have the same networks at both ends.
The local networks in Azure have to be exactly the same as those in the crypto map ACL of the ASA 8.3 device.
Like these lines:
access-list azure-vpn-acl extended permit ip object-group onprem-networks object-group azure-networks
crypto map OUTSIDE_map 20 match address azure-vpn-acl
My problem was the following: I had 10.50.0.0/24 in the Azure local networks and 10.50.0.50/32 in the ASA crypto map ACL, and it produced disconnections every minute.
08-18-2014 08:54 AM
This solution worked great for us as well with an ASA 5512 running 9.3(1) firmware. The virtual networks created in Azure didn't match up with the networks on the ASA. Since we couldn't just delete the virtual network address space in Azure we had to completely blow away the Virtual Network in Azure using this page:
http://fabriccontroller.net/blog/posts/solving-the-virtual-network-myvnet-is-in-use-and-cannot-be-deleted-error-when-deleting-a-windows-azure-virtual-network/
Once the network was rebuilt in Azure and the networks on the ASA and Azure matched up, the VPN stayed up longer than 60 seconds (1 minute).
04-11-2018 03:01 AM
This solution also worked for me on 9.4(4)5.
There was a single /29 network specified on the Azure LNG that wasn't specified on the Crypto Map on the ASA.
Thanks.
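The check described in this thread, as an added example that is not part of any post: a Python script that parses an ASA network object-group and compares it with the Azure local network prefixes, flagging entries present on one side only and overlapping-but-unequal pairs such as the /24 versus /32 case above. The config text, the 10.60.0.0 and 10.70.0.0 prefixes and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: ASA object-groups as they would appear in the running config.
ASA_CONFIG = """\
object-group network onprem-networks
 network-object host 10.50.0.50
 network-object 10.60.0.0 255.255.0.0
object-group network azure-networks
 network-object 192.168.213.0 255.255.255.0
"""
# Constructed sample: prefixes entered as the local networks on the Azure side.
AZURE_LOCAL_PREFIXES = ["10.50.0.0/24", "10.60.0.0/16", "10.70.0.0/29"]


def parse_object_group(config, group):
    """Return the networks listed under 'object-group network <group>'."""
    nets, inside = set(), False
    for line in config.splitlines():
        words = line.split()
        if line.startswith("object-group"):
            inside = words[1:3] == ["network", group]
        elif inside and len(words) >= 3 and words[0] == "network-object":
            if words[1] == "host":
                nets.add(ipaddress.ip_network(words[2] + "/32"))
            elif words[1] != "object":  # named objects would need their own lookup
                nets.add(ipaddress.ip_network(f"{words[1]}/{words[2]}"))
    return nets


def compare_selectors(asa_nets, azure_prefixes):
    """Return (only on ASA, only on Azure, overlapping-but-unequal pairs)."""
    azure = {ipaddress.ip_network(p) for p in azure_prefixes}
    only_asa = sorted(asa_nets - azure)
    only_azure = sorted(azure - asa_nets)
    overlaps = [(a, z) for a in only_asa for z in only_azure if a.overlaps(z)]
    return only_asa, only_azure, overlaps


if __name__ == "__main__":
    asa = parse_object_group(ASA_CONFIG, "onprem-networks")
    only_asa, only_azure, overlaps = compare_selectors(asa, AZURE_LOCAL_PREFIXES)
    for net in only_asa:
        print(f"ASA only:   {net}")
    for net in only_azure:
        print(f"Azure only: {net}")
    for a, z in overlaps:
        print(f"Mask mismatch: ASA {a} vs Azure {z}")
```

Any line of output means the two ends do not describe the same networks; an empty result is the state the posters above ended up with once the tunnel stayed up.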