Site2Site PIX6.3(5) to ASA5520 7.2(2) tunnel drops every few minutes

tmarlow · ‎03-27-2007

I can't figure it out, the tunnel drops every few minutes. Here is the debugging on the 515E.

ISAKMP (0): retransmitting phase 2 (10/4)... mess_id 0xfaad7abc

ISAKMP (0): retransmitting phase 2 (4/5)... mess_id 0x6b130e85

ISAKMP (0): deleting IPSEC SAs with peer at 164.113.94.1

VPN Peer: IPSEC: Peer ip:164.113.94.1/500 Decrementing Ref cnt to:2 Total VPN Peers:1

VPN Peer: IPSEC: Peer ip:164.113.94.1/500 Decrementing Ref cnt to:1 Total VPN Peers:1

ISAKMP (0): deleting SA: src 164.113.94.1, dst 164.113.95.178

ISAKMP (0): beginning Main Mode exchange

crypto_isakmp_process_block:src:164.113.94.1, dest:164.113.95.178 spt:500 dpt:500

ISAKMP: drop msg for deleted sa

crypto_isakmp_process_block:src:164.113.94.1, dest:164.113.95.178 spt:500 dpt:500

OAK_MM exchange

it deletes the SAs and then immediation starts quick mode again and reestablishes. I have the sa lifetimes identical on both ends, but I don't understand why this happens, how resilient is the mgmt tunnel if there is some latency on the network? I can provide some configurations also.

tmarlow · ‎03-27-2007

I also seem to get alot of these and don't know if that is normal or out of the ordinary:

ISAKMP (0): retransmitting phase 2 (6/1)... mess_id 0x6bf1ec37

ISAKMP (0): retransmitting phase 2 (5/1)... mess_id 0x92fa5f2a