irregular vpn-tunnel drops

Unanswered Question
Jan 9th, 2009


I have a VPN-tunnel between a Cisco ASA 5505 and a Checkpoint FW-1 firewall. The tunnel drops at irregular intervals, and I have been unable to determine why. I need some help to understand the debug output from the Cisco box that keeps dropping the tunnel.

We want all traffic from two inside networks on the Cisco ASA side to be tunneled over to the Checkpoint side.

I have attached the running config from the Cisco ASA box and the “debug crypto isakmp 255” output. The debug output keeps looping over and over again once the VPN tunnel has gone down.

dominic.caron Fri, 01/09/2009 - 12:46


From the debug, you can tell your ASA is trying to initiate an ISAKMP session but your Checkpoint is not responding.

I did not see a static or default route in your ASA config to reach the Checkpoint. Could the ASA ISAKMP process be generating the packet but the routing process in the ASA be dropping it because you have no route?

johan.jentell Mon, 01/12/2009 - 04:03


There is a static route; however, it got omitted when I censored the running-config.

The devices do have contact over the network, even though the tunnel goes down. However, it seems like the phase 1 renegotiation does work.

