VPN traffic interruption on ASA5540 Running 8.3 code
Intermittently, L2L VPNs traversing a particular interface on my ASA 5540 get torn down and are not able to complete phase 1. These tunnels run for weeks with the exact config in the ASA, and then randomly stop passing traffic. Importantly, this affects only VPN related traffic. Additionally, we run SSL VPN through the same interface on the ASA and that stops allowing incoming connections as well. I also have L2L VPN tunnels built up to other interfaces on the ASA and they are not affected.
My ASAs are running in active/standby and I can force a failover to whatever unit is acting as the standby, and the issue is immediately cleared with no other intervention. Recently, this issue presented and I noticed that my dynamic ARP table had multiple erroneous interfaces bound to the MAC address of the interface that has issues with VPN traffic. Instead of performing a failover event, I cleared the dynamic arp entries and the issue was immediately resolved. I can only assume that the HA failover process also forces an arp cache clear, which explains why that resolved the issue previously.
I have had the same hardware running the same code for quite some time and this issue only recently cropped up. There were no config changes made to the ASA for some time prior to the first manifestation of the issue.
I have debug logging enabled and am send this info to a syslog server. I captured output from some of these events but haven’t been able to make heads or tails of it.
GeneralWhich Cisco Secure products include access to SecureX?What are the SecureX data retention/privacy policies?What is SSE?How can I unlink my smart account from SSE and link it to a new account?Do I have to use the same SSE region as the SecureX regio...
More people are working remotely, and this increases the risk of security breaches and the difficulty in defending remote workers where they work and securing the devices they use.
Learn about Cisco Remote Secure Worker solutions that verify workers, secu...
GeneralWhich Cisco Secure products include access to SecureX?What are the SecureX data retention/privacy policies?What is SSE?How can I unlink my smart account from SSE and link it to a new account?Do I have to use the same SSE region as the Secur...
On December 8, FireEye reported that it had been compromised in a sophisticated supply chain attack: more specifically through the SolarWinds Orion IT monitoring and management software. The attackers leveraged business software updates in order to distr...