ASA VPNs down

Unanswered Question
Feb 16th, 2009
User Badges:

Hi, I have two ASA in stateful failover. Once a month, we have a serious problem - all VPNs that are terminated on ASA is dropped, for no obvious reason, and only physically reloading primary ASA can solve the problem. We installed IPS, and also upgraded software from 7.2.2 to 7.2.4, but it is still happening. Anybody has an idea? It is a big problem. Thanks in advance



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
eddie.mitchell@... Mon, 02/16/2009 - 11:37
User Badges:
  • Silver, 250 points or more

What are your phase 1 and 2 timeouts for your VPN tunnels? What is the output of 'sh fail' when the failure occurs?

binelipetrov Mon, 02/16/2009 - 23:47
User Badges:

All timers for VPNs are on their default values. Also, regarding failover - it is still functional when it hapenned (when all VPNs are dropped)

jgorman1977 Tue, 02/17/2009 - 11:45
User Badges:

I ran into this and fixed the issue using command isakmp nat-t 25, then rebooting both ASA's.

binelipetrov Wed, 02/18/2009 - 01:54
User Badges:

Did you solved it with software version 7.2? What was the problem, by your opinion? I can not connect nat-t with dropped tunnels...


Thanks




Actions

This Discussion