Cisco ASA 5505 IPSEC VPN stops passing traffic

Posted on 2013-10-03
Medium Priority
Last Modified: 2013-10-08
We have a Cisco ASA 5505 running 8.2.(1). It is running two site-to-site VPNs. The VPN stays up, but after a while, it will stop passing traffic. If we log into the ASDM, log out the VPN session, and let it get recreated, it creates the tunnel, and traffic starts passing over it okay. It may pass traffic for a few days, then traffic stops. I have maxed the crypto lifetime size as well:
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 2147483647

Question by:greentriangle
LVL 18

Assisted Solution

max_the_king earned 400 total points
ID: 39545625
Well, it may well be a failure in the data line connection from your ISP, on either end of the tunnel. Indeed, the tunnel would stay up for a little while if the 2 peers lose communication and eventually drop the tunnel.
You may check the internet connection by pinging recursively both the data lines' routers or firewalls from another point: e.g., you open two command lines or use any software to ping recursively the 2 data lines. If you see lost packets and the VPN tunnel drops, then you'll be pretty sure that it is not a matter of your firewalls.

Hope this helps
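The check described in the answer above, as an added example that is not part of the original thread: it groups unanswered pings into outage windows and tests whether one lines up with the time VPN traffic stopped. The peer addresses are documentation-range placeholders, the sample data is constructed, and the `min_lost` and `slack` thresholds are assumptions.

```python
import subprocess
import sys
from datetime import datetime, timedelta

# Placeholder peer addresses (documentation ranges); replace with the two VPN endpoints.
PEERS = ["192.0.2.1", "198.51.100.1"]

def probe(host, timeout_s=3):
    """Send one ICMP echo with the system ping; True if a reply came back."""
    count_flag = "-n" if sys.platform.startswith("win") else "-c"
    try:
        done = subprocess.run(["ping", count_flag, "1", host], timeout=timeout_s,
                              stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
        return done.returncode == 0
    except (subprocess.TimeoutExpired, OSError):
        return False

def loss_windows(samples, min_lost=3):
    """Group time-ordered (timestamp, replied) samples into (start, end) outages
    of at least min_lost consecutive missed replies."""
    windows, run = [], []
    for ts, replied in samples:
        if not replied:
            run.append(ts)
            continue
        if len(run) >= min_lost:
            windows.append((run[0], run[-1]))
        run = []
    if len(run) >= min_lost:  # outage still in progress at end of capture
        windows.append((run[0], run[-1]))
    return windows

def line_suspected(windows, stall_time, slack=timedelta(minutes=5)):
    """True if any outage falls within `slack` of when VPN traffic stopped."""
    return any(start <= stall_time + slack and end >= stall_time - slack
               for start, end in windows)

def constructed_samples():
    """Constructed data: 60 probes, 10 s apart, probes 30-35 unanswered."""
    t0 = datetime(2013, 10, 3, 9, 0, 0)
    return [(t0 + timedelta(seconds=10 * i), not 30 <= i <= 35) for i in range(60)]

if __name__ == "__main__":
    if "--live" in sys.argv:  # one probe round against the placeholder peers
        for peer in PEERS:
            print(datetime.now().isoformat(), peer, "reply" if probe(peer) else "LOST")
    else:
        outages = loss_windows(constructed_samples())
        print("outages:", outages)
        print("line suspected:", line_suspected(outages, datetime(2013, 10, 3, 9, 7)))
```

The result is only meaningful if the pinged interfaces answer ICMP from the monitoring host; a filtered ping looks the same as a dead line.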
LVL 16

Assisted Solution

InteraX earned 400 total points
ID: 39546193
Have you tried enabling IKE keepalives for the tunnels?

tunnel-group <groupname> ipsec-attributes
 isakmp keepalive threshold 10

This will send an ISAKMP keepalive message every 10 seconds.

Have you set up idle timeout at one end and not the other? What about max connect time?
LVL 17

Accepted Solution

Marius Gunnerud earned 1200 total points
ID: 39554683
If the issue is not with the service provider, then I would say it looks like you are hitting a bug. Try upgrading to a newer version of ASA 8.2.

Question has a verified solution.