Cisco ASA site to site

Posted on 2009-12-28
Medium Priority
Last Modified: 2012-05-08
I have a site to site VPN set up but am experiencing dropouts. I will paste below some of the log entries from site 2. Keepalives are left as default.

Group = 79.xxx.xxx.xxx, IP = 79.xxx.xxx.xxx, Received DPD sequence number 0x210df0e3 in R_U_THERE_ACK, expected 0x210df0e4

Group = 79.xxx.xxx.xxx, IP = 79.xxx.xxx.xxx, IKE lost contact with remote peer, deleting connection (keepalive type: DPD)

IPSEC: An inbound LAN-to-LAN SA (SPI= 0xA78A69E8) between 213.xxx.xxx.xxx and 79.xxx.xxx.xxx (user= 79.xxx.xxx.xxx) has been deleted.

IPSEC: An outbound LAN-to-LAN SA (SPI= 0xCDB659DA) between 213.xxx.xxx.xxx and 79.xxx.xxx.xxx(user= 79.xxx.xxx.xxx) has been deleted.

Group = 79.xxx.xxx.xxx, Username = 79.xxx.xxx.xxx, IP = 79.xxx.xxx.xxx, Session disconnected. Session Type: IPsec, Duration: 0h:00m:50s, Bytes xmt: 3818, Bytes rcv: 5045, Reason: Lost Service

One of the sites 79.x has a slow internet connection which I think may be to blame here. Any suggestions gratefully received.

Thanks. J.
Question by:jerryhatt
  • 2
LVL 81

Expert Comment

ID: 26135652
Is the slow connection location experiences bandwidth saturation?
Do you have QoS policy setup to prioritize resources/bandwidth for the VPN?
What is your interface queuing policy queue or FIFO with packets being dropped when bandwidth usage is exceeded?

Author Comment

ID: 26136889
The connection at one end is an ADSL 4 meg connection. The other end is a 100meg leased line.
The ADSL connection is used solely for the transfer between servers so there is no other traffic. I guess it could be saturation as it is only a narrow pipe.

I have not set up IQP or FIFO so it would be default (Cisco ASA 5505 both ends).

LVL 81

Accepted Solution

arnold earned 2000 total points
ID: 26137963
Well it seems as though it is a queuing setup since one side received a delayed packet.
What is the upstream on the ADSL. ADSL is often asynchronous i.e. you could have 4meg down and 768k up.

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Will you be ready when the clock on GDPR compliance runs out? Is GDPR even something you need to worry about? Find out more about the upcoming regulation changes and download our comprehensive GDPR checklist today !
In this article, the configuration steps in Zabbix to monitor devices via SNMP will be discussed with some real examples on Cisco Router/Switch, Catalyst Switch, NAS Synology device.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

807 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question