01-28-2009 01:55 PM - edited 02-21-2020 03:14 AM
I have 5 L2L VPNs running off of my Cisco 5520 ASA. One of them is connected to a Juniper NS; at 8 hours the VPN drops and rebuilds while in use, so the user sessions freeze for a minute. Any ideas on how to correct this? Thanks in advance.
01-30-2009 02:42 PM
I noticed this in the debug logs. Second message is odd as the VPN is in use when it goes down.
Connection terminated for peer x.x.x.x Reason: Peer Terminate Remote Proxy N/A, Local Proxy N/A
Session Type: IPsec, Duration: 8h:00m:25s, Bytes xmt: 1176522, Bytes rcv: 3280246, Reason: Idle Timeout
02-01-2009 12:42 PM
Check your lifetime statements on the crypto isakmp policies. That's how many seconds can go by before security associations re-establish. Also in the crypto map there is a lifetime value which can be set to how many seconds before the tunnel gets torn down or how many kilobytes can pass before the tunnel gets torn down.
02-02-2009 10:26 AM
Thanks RicheeJJJ, my settings look correct. I wonder if it is on the other side, though he connects to Cisco ASAs.
crypto map SBCVPN 2 set peer x.x.x.x
crypto map SBCVPN 2 set transform-set ESP-3DES-SHA
crypto map SBCVPN 2 set security-association lifetime seconds 86400
crypto map SBCVPN 2 set security-association lifetime kilobytes 4608000
crypto isakmp policy 5
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
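An added example, not part of the thread or any poster's code: a Python check that compares the session teardown line quoted above against the time and kilobyte lifetimes in the posted ASA config. The function names and the 120-second slack are assumptions of this example, and the config is trimmed to the lines that matter.

```python
import re

# Config and log lines as quoted in the thread (trimmed; peer address is masked there too).
ASA_CONFIG = """\
crypto map SBCVPN 2 set peer x.x.x.x
crypto map SBCVPN 2 set security-association lifetime seconds 86400
crypto map SBCVPN 2 set security-association lifetime kilobytes 4608000
crypto isakmp policy 5
authentication pre-share
lifetime 86400
"""
SESSION_LOG = ("Session Type: IPsec, Duration: 8h:00m:25s, Bytes xmt: 1176522, "
               "Bytes rcv: 3280246, Reason: Idle Timeout")

MAP_RE = re.compile(r"crypto map (\S+ \d+) set security-association lifetime (seconds|kilobytes) (\d+)$")

def local_lifetimes(config):
    """Return (time_limits, kb_limits): dicts of name -> value found in the config."""
    seconds, kilobytes, policy = {}, {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"crypto isakmp policy (\d+)$", line):
            policy = m.group(1)          # following sub-commands belong to this policy
        elif m := MAP_RE.match(line):
            target = seconds if m.group(2) == "seconds" else kilobytes
            target[f"crypto map {m.group(1)}"] = int(m.group(3))
            policy = None
        elif policy and (m := re.match(r"lifetime (\d+)$", line)):
            seconds[f"isakmp policy {policy}"] = int(m.group(1))
        elif line.startswith("crypto "):
            policy = None                # any other top-level crypto line ends the policy block
    return seconds, kilobytes

def parse_session(log_line):
    """Return (duration_seconds, kilobytes_transferred, reason) from a teardown line."""
    h, m, s = map(int, re.search(r"Duration: (\d+)h:(\d+)m:(\d+)s", log_line).groups())
    xmt, rcv = map(int, re.search(r"Bytes xmt: (\d+), Bytes rcv: (\d+)", log_line).groups())
    reason = re.search(r"Reason: (.+)$", log_line).group(1)
    return h * 3600 + m * 60 + s, (xmt + rcv) // 1024, reason

def local_causes(config, log_line, slack=120):
    """Names of local lifetimes that the observed session actually reached."""
    seconds, kilobytes = local_lifetimes(config)
    duration, kb, _ = parse_session(log_line)
    hits = [n for n, limit in seconds.items() if abs(duration - limit) <= slack]
    hits += [n for n, limit in kilobytes.items() if kb >= limit]
    return hits

if __name__ == "__main__":
    duration, kb, reason = parse_session(SESSION_LOG)
    print(f"session ended after {duration}s, {kb} KB, reason: {reason}")
    print("local lifetimes reached:", local_causes(ASA_CONFIG, SESSION_LOG) or "none")
```

An empty result means neither the local time lifetimes nor the kilobyte lifetime was reached when the session ended, so the comparison has to continue with the values configured on the peer.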