geleman
asked on
Cisco VPN Tunnel Intermittently Connecting
I have 2 Cisco ASA 5505's set up for a vpn. One is a remote location. Last week the remote location started having a intermittent connection problem here at the central office. I have been on with Cisco support and the setup is correct on both routers. I have a second vpn tunnel that is functioning properly and hasn't seen any issues at all back to the central office. While on with Cisco support we have run packet captures and we see the packets going out and from both locations but they aren't always being received by the other location. Cisco suggested that it might be something to do with the ISP. We got them on a conference call and they said that there isn't anything that could be happening on there end. They said we could email them the packet captures but that doesn't mean anything can be done. This all started to occur when they had network problem. I was concerned that maybe our traffic might have been possibly being intercepted by I monitored over the weekend and didn't have any unusual traffic in my snort logs or my ntop. Traffic was non existent. So I'm kind of at a loss as well as Cisco Support also. We are going to redo the packet captures today and email to the ISP support but who knows they said it isn't them already. Could this possibly be a hardware issue? Cisco doesn't seem to think so.
Last Comment
RPPreacher
Post both ASA configs, please.
ASKER
ASKER
ASKER
I hope I sanitized it enough I've never publicly posted my config before. Just a little more info also. There are times that it will connect and stay up for a short amount of time but it doesn't continue to stay up. The thing is also the 2nd vpn I have, the remote location is with another ISP and there isn't a problem at all with that connection.
I had this problem once before. I finally deleted the VPN tunnels config on both sides and set it up again. This fixed the problem.
How many users are at each location? How does that compare with the user license limit of the ASA? 5505s have a 10 user limit on entry level ASA.
ASKER
Only 1 user. So it's not a license issue. As I said before everything worked fine up until the ISP had and issue but they claim there is nothing wrong on there end at all despite us seeing the packets leaving both ends and encrypted.
Are you dropping packets?
ASKER
They are leaving the locations but not all packets are making the destination. This is happening both ways. The remote location can surf the net but the VPN tunnel is not connecting correctly.
No. I mean outside of the tunnel.
If you ping from public address to public address on ASA are you dropping packets?
If you ping from public address to public address on ASA are you dropping packets?
ASKER
ICMP is blocked on the outside interface of the routers. The ISP support was able to ping both public IP's without a problem. You should be able to ping from inside interface to inside interface through the tunnel though. Problem is that they are leaving but not arriving.
I suggest that you enable ICMP on the outside interface. Set up a continuous ping and look for dropped packets.
Dropped packets will cause innumerable VPN issues.
Dropped packets will cause innumerable VPN issues.
ASKER
Enable icmp by issuing command permit icmp any outside on both routers and there seems to be some packet loss
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
seems if I ping another IP from the either location i.e. google.com I don't have any packet loss, but when I ping the IP addresses that the vpn tunnel is on I get packet loss.
OK. So submit that to the ISP.
ASKER
The ISP finally figured out it was their problem and not mine.
Routers
A router is a networking device that forwards data packets between computer networks. Routers perform the "traffic directing" functions on the Internet. The most familiar type of routers are home and small office cable or DSL routers that simply pass data, such as web pages, email, IM, and videos between computers and the Internet. More sophisticated routers, such as enterprise routers, connect large business or ISP networks up to the powerful core routers that forward data at high speed along the optical fiber lines of the Internet backbone. Though routers are typically dedicated hardware devices, use of software-based routers has grown increasingly common.
49K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
