Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1648
Views
0
Helpful
2
Replies

VPN reconnecting

SupportAC
Level 1
Level 1

‎07-05-2018 04:24 AM - edited ‎03-12-2019 05:26 AM

We have configured a new vpn with an external branch in an ASA-5510 over IKEv2. The VPN connection is reconnected exactly every 2 minutes and 46 seconds. I have taken many traces / debugs but I do not understand what is happening. The most significant thing I've seen:
IKEv2-PLAT-1: (298): Rejecting child SA with the same traffic selectors as existing child SA - local protocol: 0 local selector: 10.1.1.0/0 - 10.2.4.255/65535 remote protocol: 0 remote selector: 10.200. 13.0 / 0 - 10.200.13.255/65535.

 

Why the VPN is reconnecting every 2.46 mins???? any idea?

 

Thanks

1 person had this problem
Labels:
0 Helpful
2 Replies 2

Rob Ingram
VIP
VIP

‎07-05-2018 04:30 AM

Hi,
Can you provide the full configuration of both firewalls please?
Can you provide the output of both commands "show crypto ikev2 sa detailed" and "show crypto ipsec sa detailed".
When the tunnel is briefly up, can you ping or access anything on the other end?
0 Helpful

blradmin
Level 1
Level 1

‎11-11-2018 11:00 PM

I have tried sever relogin to VPN but SA Child is not getting clear.Most of the time VPN will work without issue

 

Rejecting child SA with the same traffic selectors as existing child SA - local protocol: 0 local selector: x.x.x.x/0 - x.x.x.x/65535 remote protocol: 0 remote selector: x.x.x.x/0 - x.x.x.x/65535

0 Helpful
Customers Also Viewed These Support Documents