ASA 7.2(1) L2L VPN Issues

Unanswered Question
Apr 24th, 2007

Hi All,


I am having some problems with several of my l2l on ASA5550s. Whenever I initiate the tunnel by ssh'ing to a host on the remote site, I get the following 'Connection closed by foreign host' immediately after. I ran a debug cry isa 127 and debug cry ips 127 on the remote ASA5550 and saw the following: "Sending IPSec Delete With Reason message: Maximum Configured SA Lifetime Exceeded."


Any ideas would be greatly appreciated.


--Jose

sadbulali Mon, 04/30/2007 - 11:29

All the SAs in every tunnel have a Maximum Lifetime. A little bit before this Lifetime is reached, a new SA is created for it to be used after the old one expires. This was designed for security reasons. Changing the lifetime setting on the peers to some higher value in seconds may help; this will ensure that your VPN tunnels stay up much longer. Also, if your IPSEC peers support ISAKMP keepalives, it would be a good idea to enable them.
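
The two suggestions in the reply above, written out as ASA CLI. This is an added example, not configuration posted by either participant; the crypto map name outside_map, sequence number 20, peer address 192.0.2.1 and the 28800-second lifetime are placeholders to replace with your own values.

```cisco
! Added example. outside_map, 20, 192.0.2.1 and 28800 are placeholders.
! Run the same steps on BOTH peers and compare the results.

! 1. Inspect what is configured and what was actually negotiated.
show running-config crypto map
show crypto ipsec sa peer 192.0.2.1
!    In the output, "sa timing: remaining key lifetime (kB/sec)" shows
!    how much lifetime the current SA has left.

configure terminal

! 2. Set the IPsec SA lifetime on the crypto map entry for this tunnel.
crypto map outside_map 20 set security-association lifetime seconds 28800

! 3. Enable ISAKMP keepalives in the peer's tunnel group so a dead peer
!    is detected instead of traffic being sent into a stale SA.
tunnel-group 192.0.2.1 ipsec-attributes
 isakmp keepalive threshold 10 retry 2

end
```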
