IPSEC tunnel issues

Unanswered Question

I have a handful of 871's for SOHO users which started out utilizing an EZVPN tunnel back to an ASA at our headquarters location. That was extremely unstable so it has now been flipped to a static to dynamic mapping in the default L2L tunnel group and I'm see similar results. I've tried isolating the issues with no luck.

I've added an attachment with the error messages I see consistently. It seems as though the ASA 5520 just stops responding.

I've messed with the tcp mss values clearing the df-bit and also tried some of the timers but nothing seems to work.

Sometimes the tunnel stays up for hours other times it drops after 5 minutes. One thing that is consistent is that it drops multiple times per day.

Any assistance would be greatly appreciated.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
vkapoor5 Tue, 04/15/2008 - 10:12
User Badges:
  • Bronze, 100 points or more

This document contains the most common solutions to IPsec VPN problems. These solutions come directly from service requests that the Cisco Technical Support have solved. Many of these solutions can be implemented prior to the in-depth troubleshooting of an IPsec VPN connection. As a result, this document is presented as a checklist of common procedures to try before you begin to troubleshoot a connection and call Cisco Technical Support.


duane.larson Tue, 04/29/2008 - 09:18
User Badges:

What was the resolution???

I have a 5520 set up with EzVPN and 1841 IOS routers on the remote end that are experiencing the same issues you explain. I have been working with TAC for a while now and they aren't sure how to fix it.


This Discussion