Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 647
  • Last Modified:

Cisco network ASA 5520 & 877 VPN's dropping

Hi,

I have a Cisco ASA 5020 in the head office (5mb leased line) with 7 branch offices using Cisco 877's + 8mb ADSL
Every site experiences several VPN drops throughout the day mostly only for a few seconds - is there any way to combat this.

Traffic is light - Email, web browsing (Through a proxy), RDP session.

Some sites are worse than others but overall none of them are reliable - We have one site using a 2mb fibre to the building leased line and drops occur maybe once every two days which is ok - Is it down to the ADSL quality in these sites or would ios / firmware upgrades help.

Thanks,
0
joe90kane
Asked:
joe90kane
1 Solution
 
asavenerCommented:
VPN reliability is almost entirely dependent on the reliability of the Internet connectivity.

I would set up an IMCP monitor for the public IPs of the remote sites as well as internal addresses at the remote sites, and see if there's a correlation between packet loss.

0
 
Galtar99Commented:
Have your service provider perform over night testing on the circuit and check the interface counters of the circuits in question for errors.
0
 
decoleurCommented:
most VPN connections have an inactivity timeout that will cause a connection to drop if there is no interesting traffic traversing an encrypted tunnel.

you should be able to get an indication in the logs of the VPN endpoints what caused the tunnel to disconnect.

if this is a possible issue you can set up a monitoring solution like asavener mentioned that sends a ping every x minutes to keep the tunnel active.

if you need any help setting this up let us know.

-t
0
The Lifecycle Approach to Managing Security Policy

Managing application connectivity and security policies can be achieved more effectively when following a framework that automates repeatable processes and ensures that the right activities are performed in the right order.

 
asavenerCommented:
Have you tried any of the testing we suggested?
0
 
joe90kaneAuthor Commented:
Thanks for the comments - I setup ping plotter and can see extensive packet lose from both the External & Internal IP at the same time so it must be the provider.

Getting a Lan extension installed next week so should resolve / improve the situation.

0
 
asavenerCommented:
I feel that we helped the poster find an underlying network reliability problem, which affected his VPN.
0
 
ModalotEE ModeratorCommented:
Following an Objection by asavener, and after Moderator review, there seems to be a better  disposition, as recommended by the contributing Expert(s).

Modalot
Community Support Moderator
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now