Site to Site VPN


This topic contains 2 replies, has 3 voices, and was last updated by runrig 8 years, 8 months ago.

    zormas
    Member
    #155613

    Hi Guys,

    I am hoping someone can guide me in the right direction here.

    I am having a BIG problem with one of my S2S VPNs. This particular tunnel has been going down every day for the last week. I have 3 S2S tunnels configured on the SAME VPN concentrator (ASA 5510), but I am having a problem ONLY with 1 specific tunnel. The remaining 2 tunnels stay up when this one goes down, so the problem is only with this one.

    In order to bring this tunnel up, I either do a clear tunnel or reload the VPN concentrator and that's it, the tunnel comes up fine. I do not have access to the remote peer, and as per their network engineer they can SEND packets to us but NOT RECEIVE from us when the tunnel goes down. So it looks like the problem is from my side.

    I have very limited knowledge in dealing with S2S VPNs, so I'm hoping someone can help me out here.

    Thanks.

    ikon
    Member
    #354281

    Re: Site to Site VPN

    I have had some problems in the past where the remote device was dropping out but the local device was still established, and the remote device would try to reconnect constantly but fail because of the current session key limit. This is one possibility.

    Another issue would be to check your IKE policy settings for things like PFS (Perfect Forward security) and make sure both ends are identical.

    Hope this helps.
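
An added example, not part of the thread: one way to carry out the "make sure both ends are identical" check from the post above, by comparing the PFS, transform-set and SA lifetime settings of the crypto map entry each ASA uses for the other. It assumes the remote engineer can send their config excerpt; the sample configs, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample configs (not from the thread); names and addresses are placeholders.
LOCAL_CFG = """\
crypto ipsec transform-set TS-A esp-aes-256 esp-sha-hmac
crypto map OUTSIDE_MAP 10 match address VPN-ACL-A
crypto map OUTSIDE_MAP 10 set pfs group2
crypto map OUTSIDE_MAP 10 set peer 203.0.113.10
crypto map OUTSIDE_MAP 10 set transform-set TS-A
crypto map OUTSIDE_MAP 10 set security-association lifetime seconds 28800
crypto map OUTSIDE_MAP 20 set peer 203.0.113.99
crypto map OUTSIDE_MAP 20 set transform-set TS-A
"""
REMOTE_CFG = """\
crypto ipsec transform-set REMOTE-TS esp-aes-256 esp-sha-hmac
crypto map VPN 5 set peer 198.51.100.20
crypto map VPN 5 set transform-set REMOTE-TS
crypto map VPN 5 set security-association lifetime seconds 3600
"""

TSET_RE = re.compile(r"^crypto ipsec (?:ikev1 )?transform-set (\S+) ((?:esp|ah)-.+)$", re.M)
MAP_RE = re.compile(r"^crypto map (\S+) (\d+) set ((?:ikev1 )?transform-set|pfs|peer|"
                    r"security-association lifetime seconds) ?(.*)$", re.M)

def phase2_settings(cfg, peer_ip):
    """Phase 2 settings of the crypto map entry whose 'set peer' is peer_ip."""
    # Resolve transform-set names to their algorithms: the names differ per site.
    tsets = {n: " ".join(sorted(a.split())) for n, a in TSET_RE.findall(cfg)}
    entries = {}
    for name, seq, key, val in MAP_RE.findall(cfg):
        entries.setdefault((name, seq), {})[key.replace("ikev1 ", "")] = val.strip()
    for e in entries.values():
        if peer_ip in e.get("peer", "").split():
            return {
                # 'set pfs' with no group means PFS is on with the platform default group
                "pfs": e.get("pfs", "disabled") or "enabled (default group)",
                "transforms": sorted(tsets.get(n, "undefined:" + n)
                                     for n in e.get("transform-set", "").split()),
                "lifetime_s": e.get("security-association lifetime seconds", "default"),
            }
    raise LookupError(f"no crypto map entry for peer {peer_ip}")

def mismatches(local_cfg, remote_peer_ip, remote_cfg, local_peer_ip):
    """Settings that differ between the two ends, as {name: (local, remote)}."""
    a = phase2_settings(local_cfg, remote_peer_ip)
    b = phase2_settings(remote_cfg, local_peer_ip)
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}

if __name__ == "__main__":
    for k, (l, r) in mismatches(LOCAL_CFG, "203.0.113.10", REMOTE_CFG, "198.51.100.20").items():
        print(f"{k}: local={l!r} remote={r!r}")
```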

    runrig
    Member
    #382596

    Re: Site to Site VPN

    hmm, usually tunnels will drop due to inactivity across the tunnel. i would configure a device on the remote site to do a continuous ping to your primary site for 24hrs. i would also verify if your internet connection is flaking out on you. do you have a monitoring service that you can check to make sure your internet connection stays up the whole time? also, when the tunnel drops, can you access the asa on the remote site?

    these are minor troubleshooting steps, but try those first.

    i have also seen issues where the IOS just gets rid of the crypto ipsec configuration. rebooting it brings it back up since it was saved in the start config.
