10-14-2008 12:04 AM - edited 02-21-2020 03:59 PM
Hi,
I have an issue I am trying to get resolved asap any help would be appreciated.
We have a main office with a ASA5510 and three satellite sites with a mixture of asa and pix devices, I have reconfigured our head office ASA5510 from scratch for a new leased line.
Now VPN connections are dropping randomly and all together, they may be up for 5 mins or 2 hours.
When it drops all three vpn links disconnect at the same time and then reconnect a few seconds later.
Could you tell me if the config looks ok (I have included the main site and one of the Satellite offices)
If so can you tell me the best steps in debugging the issue
Many Thanks,
Chris
10-14-2008 01:14 AM
I've just caught this from the logs, would this signify the Outside Interface on our main office ASA is dropping causing the VPNs to disconnect? any debugs I could use to find out why it is doing this?
Oct 14 09:52:25 10.0.0.1 %ASA-4-411002: Line protocol on Interface Ethernet0/0, changed state to down
Oct 14 09:52:26 10.0.0.1 %ASA-6-602304: IPSEC: An inbound LAN-to-LAN SA (SPI= 0x3D4AE529) between 80.xxxxx and 217.xxxxx (user= 217.xxxxxxxx) has been deleted.
Oct 14 09:52:26 10.0.0.1 %ASA-6-602304: IPSEC: An outbound LAN-to-LAN SA (SPI= 0x401B33CD) between 80.xxxxxxxxx and 217.xxxxxxxxx (user= 217.xxxxxxxxxx) has been deleted.
Oct 14 09:52:26 10.0.0.1 %ASA-6-602304: IPSEC: An inbound LAN-to-LAN SA (SPI= 0x22046425) between 80.xxxxxxxxxx and 213.xxxxxxxxx (user= 213.xxxxxxxxx) has been deleted.
Oct 14 09:52:26 10.0.0.1 %ASA-6-602304: IPSEC: An outbound LAN-to-LAN SA (SPI= 0xAE3169C9) between 80.xxxxxxxx and 213.ssssssss (user= 213xxxxxxxxx) has been deleted.
Oct 14 09:52:26 10.0.0.1 %ASA-4-113019: Group = 217.xxxxxxxx, Username = 217.xxxxxxxx, IP = 217.xxxxxxxxx, Session disconnected. Session Type: IPSecLAN2LAN, Duration: 1h:43m:48s, Bytes xmt: 5507995, Bytes rcv: 23935183, Reason: User Requested
Oct 14 09:52:26 10.0.0.1 %ASA-4-113019: Group = 213xxxxxxxxx, Username = 213.xxxxxxxxx, IP = 213.xxxxxxxxxx, Session disconnected. Session Type: IPSecLAN2LAN, Duration: 1h:46m:46s, Bytes xmt: 2006467, Bytes rcv: 6054780, Reason: User Requested
10-14-2008 04:48 AM
Hi, it is possible to debug an interface to see why the line protocol is changing to down?
10-15-2008 08:03 AM
Hi, Is anyone able to help out with this issue?
Thanks,
Chris
10-15-2008 08:35 AM
Logs clearly shows" Oct 14 09:52:25 10.0.0.1 %ASA-4-411002: Line protocol on Interface Ethernet0/0, changed state to down "
Check with the ISP for this internet connection and have it investigated. VPN connections are built over your basic internet connection. if you do not have underlying connectivity then VPN tunnels will go down.
It seems that internet connection is flapping .
HTH
Saju
Pls rate helpful posts
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide