ASA not responding to IPSEC

Unanswered Question
Sep 21st, 2007
User Badges:

ASA 8.0(2)

ASDM 6.0(2)


All of a sudden our ASA 5520 stops responding to IPSEC clients trying to connect (both tcp/10000 and udp/4500). We don't even get any attempts in our logs. It works one day and stops working another. All other communication inbound/outbound works fine. WebVPN works fine for example.

Any ideas?


Rutger

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
amritpatek Thu, 09/27/2007 - 10:49
User Badges:
  • Silver, 250 points or more

The problem could be because of DPD's. Try to turn off the DPDs on the problematic client and also on the ASA. Go into the pcf on the problematic computer and set this equal to 1 and then on the ASA under the tunnel-group disable the isakmp keepalive (isakmp keepalive disable).

Rutger Blom Thu, 09/27/2007 - 11:18
User Badges:

Thanks for your reply.

It is not only one client machine having troubles, but all of them. The ASA stops serving IPSEC VPN.

I will try with turning off DPD on the ASA and the client. The client is getting their settings from an ACS. Is it enough to disable it on the ACS group or do we have to disable it by editing the PCF?

Actions

This Discussion