Packet drop in L2L VPN tunnel

Unanswered Question
Jun 11th, 2009
User Badges:


MY ASA5540 has 40 L2L IPsec VPN tunnels to other sites. One of tunnels has packet drop often ( but the tunnel remind up ). Called ISP and confirm its not ISP issue. Is there any method to troubleshoot the issue ? what should I look at in the configuration ? any help will be appericated.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
thotsaphon Thu, 06/18/2009 - 10:39
User Badges:
  • Gold, 750 points or more

Kwok Hung Ken Wu,

I'm not sure that they are sending traffic by using udp/4500 or not. In case of ESP when link flapping occurred you may find something about invalid SPI.That would be a problem because the database has not been synchronized. If you're facing this please add a "crypto isakmp invalid-spi-recovery" command for testing.




This Discussion