We use Cisco ASA5540s for terminating VPNs and use a standard site-to-site VPN configuration for 5 VPNs. However, we have been experiencing a major problem with 1 of the VPNs that terminates on a Nortel GGSN device.
After much debugging it appears to be a Dead Peer Detection issue. The debugging shows the following message twice before disconnecting the VPN:
6|Dec 11 2008|08:09:10|713124|||Group = x.x.x.x, IP = x.x.x.x, Received DPD sequence number 0x51 in R_U_THERE, Next expected sequence number should be greater than 0x51
7|Dec 11 2008|08:09:10|715075|||Group = x.x.x.x, IP = x.x.x.x, Received keep-alive of type DPD R-U-THERE (seq number 0x51)
I have read that there is no actual standard for ISAKMP keepalives / DPD and that implementation is vendor specific, so could it be an incompatibility between our Cisco ASA and the Nortel equipment?
The strange thing is, the supplier at the other end usually deploy a managed solution terminating VPNs on a Cisco 2800 or 3600 series IOS router, and they all work fine.
So is it a problem specifically to do with the ASA Operating System and Nortel?
Any help would be greatly appreciated.
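
An added example, not part of the original post: a small Python parser that picks the 713124 messages out of logs in the format shown above and lists peers that keep repeating a rejected DPD sequence number. The sample lines and peer addresses are constructed, and the threshold of two repeats is an assumption taken from the post's observation that the message appears twice before the disconnect.

```python
import re
from collections import Counter

# Constructed sample in the post's log format; peer addresses are documentation ranges.
SAMPLE = """\
6|Dec 11 2008|08:09:00|713124|||Group = 192.0.2.10, IP = 192.0.2.10, Received DPD sequence number 0x51 in R_U_THERE, Next expected sequence number should be greater than 0x51
7|Dec 11 2008|08:09:00|715075|||Group = 192.0.2.10, IP = 192.0.2.10, Received keep-alive of type DPD R-U-THERE (seq number 0x51)
6|Dec 11 2008|08:09:10|713124|||Group = 192.0.2.10, IP = 192.0.2.10, Received DPD sequence number 0x51 in R_U_THERE, Next expected sequence number should be greater than 0x51
7|Dec 11 2008|08:09:12|715075|||Group = 198.51.100.7, IP = 198.51.100.7, Received keep-alive of type DPD R-U-THERE (seq number 0x1a)
""".splitlines()

# Text of message 713124 as it appears in the post.
REJECT = re.compile(
    r"IP = (?P<peer>[^,\s]+), Received DPD sequence number (?P<got>0x[0-9a-fA-F]+) "
    r"in R_U_THERE, Next expected sequence number should be greater than "
    r"(?P<floor>0x[0-9a-fA-F]+)"
)

def dpd_rejects(lines):
    """Return (timestamp, peer, received_seq, floor_seq) for each 713124 message."""
    hits = []
    for line in lines:
        # severity|date|time|message id|||text
        fields = line.split("|", 6)
        if len(fields) != 7 or fields[3] != "713124":
            continue
        m = REJECT.search(fields[6])
        if m:
            hits.append((f"{fields[1]} {fields[2]}", m["peer"],
                         int(m["got"], 16), int(m["floor"], 16)))
    return hits

def stuck_peers(lines, threshold=2):
    """Peers that sent the same rejected sequence number at least `threshold` times."""
    counts = Counter((peer, got) for _, peer, got, floor in dpd_rejects(lines)
                     if got <= floor)
    return sorted({peer for (peer, _), n in counts.items() if n >= threshold})

if __name__ == "__main__":
    for ts, peer, got, floor in dpd_rejects(SAMPLE):
        print(f"{ts} {peer} sent seq {got:#x}, ASA expected > {floor:#x}")
    print("peers repeating a rejected sequence number:", stuck_peers(SAMPLE))
```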