With Marcin Latosiewicz
Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to get an update on IPsec VPN with Cisco expert Marcin Latosiewicz, who will answer questions on the topic of best practices when implementing IPsec VPNs on IOS and ASA. Marcin Latosiewicz is a Customer Support Engineer at the Cisco Technical Assistance Center in Belgium, with over four years of experience with Cisco Security products and technologies including IPSec, VPN, internetworking appliances, network and systems security, internet services and Cisco networking equipment.
Remember to use the rating system to let Marcin know if you have received an adequate response.
Marcin might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the Security sub-community discussion forum shortly after the event. This event lasts through December 9th, 2011. Visit this forum often to view responses to your questions and the questions of other community members.
Not knowing your settings and assuming some Cisco defaults, it could be a problem during phase 1 rekey (86400 seconds is the default).
What I would also look into is whether by any chance you do not have vpn idle timeout or vpn session timeout applied for your (what I assume are) LAN-to-LAN tunnels.
Check logs on ASA (we drop some logs on informational level) on failure.
If you feel like debugging - debug cry isakmp 127.
What I would suggest regardless is to open a TAC case; there are quite a few problems we saw in the past with SonicWall.
Mostly smaller problems with (mis)configuration, but occasionally a bug (on either side).
We need more info :-)
HTH and GL,