Help! VPN Connection randomly dropping

Unanswered Question
Oct 14th, 2008
User Badges:

Hi,


I have an issue I am trying to get resolved asap any help would be appreciated.


We have a main office with a ASA5510 and three satellite sites with a mixture of asa and pix devices, I have reconfigured our head office ASA5510 from scratch for a new leased line.


Now VPN connections are dropping randomly and all together, they may be up for 5 mins or 2 hours.


When it drops all three vpn links disconnect at the same time and then reconnect a few seconds later.


Could you tell me if the config looks ok (I have included the main site and one of the Satellite offices)


If so can you tell me the best steps in debugging the issue


Many Thanks,

Chris



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
shaw.chris Tue, 10/14/2008 - 01:14
User Badges:

I've just caught this from the logs, would this signify the Outside Interface on our main office ASA is dropping causing the VPNs to disconnect? any debugs I could use to find out why it is doing this?


Oct 14 09:52:25 10.0.0.1 %ASA-4-411002: Line protocol on Interface Ethernet0/0, changed state to down

Oct 14 09:52:26 10.0.0.1 %ASA-6-602304: IPSEC: An inbound LAN-to-LAN SA (SPI= 0x3D4AE529) between 80.xxxxx and 217.xxxxx (user= 217.xxxxxxxx) has been deleted.

Oct 14 09:52:26 10.0.0.1 %ASA-6-602304: IPSEC: An outbound LAN-to-LAN SA (SPI= 0x401B33CD) between 80.xxxxxxxxx and 217.xxxxxxxxx (user= 217.xxxxxxxxxx) has been deleted.

Oct 14 09:52:26 10.0.0.1 %ASA-6-602304: IPSEC: An inbound LAN-to-LAN SA (SPI= 0x22046425) between 80.xxxxxxxxxx and 213.xxxxxxxxx (user= 213.xxxxxxxxx) has been deleted.

Oct 14 09:52:26 10.0.0.1 %ASA-6-602304: IPSEC: An outbound LAN-to-LAN SA (SPI= 0xAE3169C9) between 80.xxxxxxxx and 213.ssssssss (user= 213xxxxxxxxx) has been deleted.

Oct 14 09:52:26 10.0.0.1 %ASA-4-113019: Group = 217.xxxxxxxx, Username = 217.xxxxxxxx, IP = 217.xxxxxxxxx, Session disconnected. Session Type: IPSecLAN2LAN, Duration: 1h:43m:48s, Bytes xmt: 5507995, Bytes rcv: 23935183, Reason: User Requested

Oct 14 09:52:26 10.0.0.1 %ASA-4-113019: Group = 213xxxxxxxxx, Username = 213.xxxxxxxxx, IP = 213.xxxxxxxxxx, Session disconnected. Session Type: IPSecLAN2LAN, Duration: 1h:46m:46s, Bytes xmt: 2006467, Bytes rcv: 6054780, Reason: User Requested



shaw.chris Tue, 10/14/2008 - 04:48
User Badges:

Hi, it is possible to debug an interface to see why the line protocol is changing to down?

shaw.chris Wed, 10/15/2008 - 08:03
User Badges:

Hi, Is anyone able to help out with this issue?


Thanks,

Chris

singhsaju Wed, 10/15/2008 - 08:35
User Badges:
  • Silver, 250 points or more

Logs clearly shows" Oct 14 09:52:25 10.0.0.1 %ASA-4-411002: Line protocol on Interface Ethernet0/0, changed state to down "


Check with the ISP for this internet connection and have it investigated. VPN connections are built over your basic internet connection. if you do not have underlying connectivity then VPN tunnels will go down.


It seems that internet connection is flapping .


HTH

Saju

Pls rate helpful posts

Actions

This Discussion