ASA L2L VPN drops after 8 hours while in use.

Unanswered Question
Jan 28th, 2009

I have 5 L2L VPNs running off of my Cisco 5520 ASA. One of them is connected to a Juniper NS; at 8 hours the VPN drops and rebuilds while in use, so the user sessions freeze for a minute. Any ideas on how to correct this? Thanks in advance.

PaulWelc Fri, 01/30/2009 - 14:42

I noticed this in the debug logs. Second message is odd as the VPN is in use when it goes down.

Connection terminated for peer x.x.x.x Reason: Peer Terminate Remote Proxy N/A, Local Proxy N/A

Session Type: IPsec, Duration: 8h:00m:25s, Bytes xmt: 1176522, Bytes rcv: 3280246, Reason: Idle Timeout

RicheeJJJ_2 Sun, 02/01/2009 - 12:42

Check your lifetime statements on the crypto isakmp policies. That's how many seconds can go by before security associations re-establish. Also in the crypto map there is a lifetime value which can be set to how many seconds before the tunnel gets torn down or how many kilobytes can pass before the tunnel gets torn down.

PaulWelc Mon, 02/02/2009 - 10:26

Thanks RicheeJJJ, my settings look correct. I wonder if it is on the other side, though he connects to Cisco ASAs.

crypto map SBCVPN 2 set peer x.x.x.x
crypto map SBCVPN 2 set transform-set ESP-3DES-SHA
crypto map SBCVPN 2 set security-association lifetime seconds 86400
crypto map SBCVPN 2 set security-association lifetime kilobytes 4608000

crypto isakmp policy 5
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
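
An added example, not part of the original thread: a Python check that compares the session log line quoted above with the lifetimes in the posted config, to see whether any locally configured limit was actually reached. The function names and the 120-second tolerance are assumptions, and the sample input is the text quoted in the thread.

```python
import re

# Constructed sample input: config and log lines as quoted in this thread.
CONFIG = """\
crypto map SBCVPN 2 set security-association lifetime seconds 86400
crypto map SBCVPN 2 set security-association lifetime kilobytes 4608000
crypto isakmp policy 5
 lifetime 86400
"""
LOG = ("Session Type: IPsec, Duration: 8h:00m:25s, Bytes xmt: 1176522, "
       "Bytes rcv: 3280246, Reason: Idle Timeout")

def local_lifetimes(config):
    """Collect locally configured IPsec (seconds/kilobytes) and IKE lifetimes."""
    out = {}
    for line in config.splitlines():
        m = re.search(r"security-association lifetime (seconds|kilobytes) (\d+)", line)
        if m:
            out["ipsec_" + m.group(1)] = int(m.group(2))
        m = re.fullmatch(r"\s*lifetime (\d+)", line)  # line inside an isakmp policy
        if m:
            out["ike_seconds"] = int(m.group(1))
    return out

def parse_session(log):
    """Extract session duration (seconds), traffic (KB) and the stated reason."""
    m = re.search(r"Duration: (\d+)h:(\d+)m:(\d+)s, Bytes xmt: (\d+), "
                  r"Bytes rcv: (\d+), Reason: (.+)", log)
    if not m:
        raise ValueError("not a session-disconnect line")
    h, mins, s, xmt, rcv = map(int, m.groups()[:5])
    # Both directions are summed: a conservative upper bound for one SA's volume.
    return {"seconds": h * 3600 + mins * 60 + s,
            "kbytes": (xmt + rcv) // 1024,
            "reason": m.group(6).strip()}

def diagnose(config, log, tolerance=120):
    """List the local limits the session reached (heuristic; tolerance assumed)."""
    cfg, ses = local_lifetimes(config), parse_session(log)
    hits = [k for k in ("ipsec_seconds", "ike_seconds")
            if k in cfg and abs(cfg[k] - ses["seconds"]) <= tolerance]
    if ses["kbytes"] >= cfg.get("ipsec_kilobytes", float("inf")):
        hits.append("ipsec_kilobytes")
    return {"duration_s": ses["seconds"], "traffic_kb": ses["kbytes"],
            "reason": ses["reason"], "local_limits_reached": hits}

if __name__ == "__main__":
    print(diagnose(CONFIG, LOG))
```

For the thread's values this reports 28825 seconds and about 4352 KB with no local limit reached, so the local 86400-second and 4608000-kilobyte lifetimes do not explain the drop.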

