Site to Site VPN

  • Site to Site VPN

    Hi Guys,

    I am hoping someone can guide me in the right direction here.

    I am having a BIG problem with one of my S2S VPNs. This particular tunnel has been going down every day for the last week. I have 3 S2S tunnels configured on the SAME VPN concentrator (ASA 5510) but I am having a problem ONLY with 1 specific tunnel. The remaining 2 tunnels stay up when this one goes down, so the problem is only with this one.

    In order to bring this tunnel up, I either do a clear tunnel or reload the VPN concentrator and that's it, the tunnel comes up fine. I do not have access to the remote peer, and as per their network engineer they can SEND packets to us but NOT RECEIVE from us when the tunnel goes down. So it looks like the problem is on my side.

    I have very limited knowledge in dealing with S2S VPNs, so I'm hoping someone can help me out here.


  • #2
    Re: Site to Site VPN

    I have had some problems in the past where the remote device was dropping out but the local device was still established, and the remote device would try to reconnect constantly but fail because of the current session key limit. This is one possibility.

    Another thing would be to check your IKE policy settings for things like PFS (Perfect Forward security) and make sure both ends are identical.

    hope this helps.
    MCSE 2003; MCTS Vista; Sec+; CCNA
    Attitude Makes The Difference!
    in other words you got to WANT to do it..


    • #3
      Re: Site to Site VPN

      hmm, usually tunnels will drop due to inactivity across the tunnel. i would configure a device on the remote site to do a continuous ping to your primary site for 24hrs. i would also verify if your internet connection is flaking out on you. do you have a monitoring service that you can check to make sure your internet connection stays up the whole time? also, when the tunnel drops, can you access the ASA on the remote site?

      these are minor troubleshooting steps, but try those first.

      i have also seen issues where the IOS just gets rid of the crypto ipsec configuration. rebooting it brings it back up since it was saved in the start config.
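
The continuous-ping and internet-connection checks suggested in reply #3 can be combined into one log that separates tunnel-only drops from WAN outages. The following is an added example, not code from any poster in this thread; `tunnel_host` (an address only reachable through the tunnel) and `wan_host` (a public address reachable without it) are hypothetical parameters, and the sample data is constructed.

```python
import subprocess
import time
from datetime import datetime, timedelta

def probe(host):
    """Send one ICMP echo (Linux iputils ping flags); True if a reply came back."""
    cmd = ["ping", "-c", "1", "-W", "2", host]
    return subprocess.run(cmd, stdout=subprocess.DEVNULL,
                          stderr=subprocess.DEVNULL).returncode == 0

def collect(tunnel_host, wan_host, count, interval=60):
    """Probe both hosts `count` times, `interval` seconds apart."""
    samples = []
    for _ in range(count):
        samples.append((datetime.now(), probe(tunnel_host), probe(wan_host)))
        time.sleep(interval)
    return samples

def outages(samples):
    """samples: time-ordered (timestamp, tunnel_ok, wan_ok) tuples.
    Returns (start, end, cause) for each run of failed tunnel probes.
    cause is "wan" if the internet probe also failed during the run,
    otherwise "tunnel-only". end is None if still down at the last sample."""
    result, start, wan_failed = [], None, False
    for ts, tunnel_ok, wan_ok in samples:
        if not tunnel_ok:
            if start is None:
                start, wan_failed = ts, False
            wan_failed = wan_failed or not wan_ok
        elif start is not None:
            result.append((start, ts, "wan" if wan_failed else "tunnel-only"))
            start = None
    if start is not None:
        result.append((start, None, "wan" if wan_failed else "tunnel-only"))
    return result

# Constructed sample: one probe per minute starting 09:00.
T0 = datetime(2024, 1, 1, 9, 0)
SAMPLES = [(T0 + timedelta(minutes=m), t_ok, w_ok) for m, t_ok, w_ok in [
    (0, True, True), (1, False, True), (2, False, True), (3, True, True),
    (4, False, False), (5, True, True), (6, False, True)]]

if __name__ == "__main__":
    for start, end, cause in outages(SAMPLES):
        print(start, end or "still down", cause)
```

Outage start times that repeat at a fixed interval are worth comparing against the configured lifetimes on both peers, while "wan" entries point at the internet link rather than the VPN configuration.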