ASA VPNs down

Unanswered Question
Feb 16th, 2009

Hi, I have two ASA in stateful failover. Once a month, we have a serious problem - all VPNs that are terminated on ASA is dropped, for no obvious reason, and only physically reloading primary ASA can solve the problem. We installed IPS, and also upgraded software from 7.2.2 to 7.2.4, but it is still happening. Anybody has an idea? It is a big problem. Thanks in advance

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
eddie.mitchell@... Mon, 02/16/2009 - 11:37

What are your phase 1 and 2 timeouts for your VPN tunnels? What is the output of 'sh fail' when the failure occurs?

binelipetrov Mon, 02/16/2009 - 23:47

All timers for VPNs are on their default values. Also, regarding failover - it is still functional when it hapenned (when all VPNs are dropped)

jgorman1977 Tue, 02/17/2009 - 11:45

I ran into this and fixed the issue using command isakmp nat-t 25, then rebooting both ASA's.

binelipetrov Wed, 02/18/2009 - 01:54

Did you solved it with software version 7.2? What was the problem, by your opinion? I can not connect nat-t with dropped tunnels...



This Discussion