Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
707
Views
0
Helpful
4
Replies

Help! VPN Connection randomly dropping

shaw.chris
Level 1
Level 1

‎10-14-2008 12:04 AM - edited ‎02-21-2020 03:59 PM

Hi,

I have an issue I am trying to get resolved asap any help would be appreciated.

We have a main office with a ASA5510 and three satellite sites with a mixture of asa and pix devices, I have reconfigured our head office ASA5510 from scratch for a new leased line.

Now VPN connections are dropping randomly and all together, they may be up for 5 mins or 2 hours.

When it drops all three vpn links disconnect at the same time and then reconnect a few seconds later.

Could you tell me if the config looks ok (I have included the main site and one of the Satellite offices)

If so can you tell me the best steps in debugging the issue

Many Thanks,

Chris

Labels:
Preview file
4 KB
Preview file
6 KB
0 Helpful
4 Replies 4

shaw.chris
Level 1
Level 1

‎10-14-2008 01:14 AM

I've just caught this from the logs, would this signify the Outside Interface on our main office ASA is dropping causing the VPNs to disconnect? any debugs I could use to find out why it is doing this?

Oct 14 09:52:25 10.0.0.1 %ASA-4-411002: Line protocol on Interface Ethernet0/0, changed state to down

Oct 14 09:52:26 10.0.0.1 %ASA-6-602304: IPSEC: An inbound LAN-to-LAN SA (SPI= 0x3D4AE529) between 80.xxxxx and 217.xxxxx (user= 217.xxxxxxxx) has been deleted.

Oct 14 09:52:26 10.0.0.1 %ASA-6-602304: IPSEC: An outbound LAN-to-LAN SA (SPI= 0x401B33CD) between 80.xxxxxxxxx and 217.xxxxxxxxx (user= 217.xxxxxxxxxx) has been deleted.

Oct 14 09:52:26 10.0.0.1 %ASA-6-602304: IPSEC: An inbound LAN-to-LAN SA (SPI= 0x22046425) between 80.xxxxxxxxxx and 213.xxxxxxxxx (user= 213.xxxxxxxxx) has been deleted.

Oct 14 09:52:26 10.0.0.1 %ASA-6-602304: IPSEC: An outbound LAN-to-LAN SA (SPI= 0xAE3169C9) between 80.xxxxxxxx and 213.ssssssss (user= 213xxxxxxxxx) has been deleted.

Oct 14 09:52:26 10.0.0.1 %ASA-4-113019: Group = 217.xxxxxxxx, Username = 217.xxxxxxxx, IP = 217.xxxxxxxxx, Session disconnected. Session Type: IPSecLAN2LAN, Duration: 1h:43m:48s, Bytes xmt: 5507995, Bytes rcv: 23935183, Reason: User Requested

Oct 14 09:52:26 10.0.0.1 %ASA-4-113019: Group = 213xxxxxxxxx, Username = 213.xxxxxxxxx, IP = 213.xxxxxxxxxx, Session disconnected. Session Type: IPSecLAN2LAN, Duration: 1h:46m:46s, Bytes xmt: 2006467, Bytes rcv: 6054780, Reason: User Requested

0 Helpful

shaw.chris
Level 1
Level 1
In response to shaw.chris

‎10-14-2008 04:48 AM

Hi, it is possible to debug an interface to see why the line protocol is changing to down?

0 Helpful

shaw.chris
Level 1
Level 1
In response to shaw.chris

‎10-15-2008 08:03 AM

Hi, Is anyone able to help out with this issue?

Thanks,

Chris

0 Helpful

singhsaju
Level 4
Level 4
In response to shaw.chris

‎10-15-2008 08:35 AM

Logs clearly shows" Oct 14 09:52:25 10.0.0.1 %ASA-4-411002: Line protocol on Interface Ethernet0/0, changed state to down "

Check with the ISP for this internet connection and have it investigated. VPN connections are built over your basic internet connection. if you do not have underlying connectivity then VPN tunnels will go down.

It seems that internet connection is flapping .

HTH

Saju

Pls rate helpful posts

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents