I have an RV082 that has an issue keeping an IPSEC Gateway to Gateway VPN running from itself to our ASA 5510.
At 8 hours of connectivity (I can almost set a clock to it) the Tunnel will say it is connected on the RV082 but on the ASA 5510 the tunnel is not up.
If I click on disconnect on the RV082 under the VPN Summary page things will come back up. From the ASA 5510 side there is nothing I can do to get things back (ping inside "vpn network" or even trying to make a connection to a networked VPN machine).
To make things more complicated I have another VPN on the RV082 to a PIX 506e that works with no issues. I also have another RV082 at another location with the same settings that keeps its tunnel with the ASA 5510 without any issue.
Some things I have tried in order to fix the issue are:
I upgraded the firmware on the RV082 V3 from 184.108.40.206-tm (what it was shipped with) to 4.1.1.01-sp - This seemed to have no effect.
On the RV082 I have changed the MTU from automatic to 1428 and 1452 - all this does is make the connection to the PIX 506e unstable like it is for the ASA 5510. I have changed this back to automatic.
Since the time of stability seems to be 8 hours I have changed the "Phase 1 SA life time" and "Phase 2 SA life time" to 28800 both at the same time and individually - This seemed to have no effect.
The current configuration on the RV082 is:
Local security gateway type: IP Only
IP address: (local ISP provided static IP address)
Local security group type: subnet
IP address: 192.168.30.0
Remote security gateway type: IP only
IP address: Remote address provided by ISP
Remote Security type: Subnet
IP address: 192.168.26.0
subnet mask: 255.255.255.0
Keying mode: IKE with Preshared key
Phase 1 DH Group: Group 2 - 1024 bit
Phase 1 Encryption: 3DES
Phase 1 Authentication: MD5
Phase 1 SA Life Time: 86400
Perfect forward secrecy: is not checked.
Phase 2 DH Group: Group 2 - 1024 bit
Phase 2 Encryption: 3DES
Phase 2 Authentication: MD5
Phase 2 SA Life Time: 86400
Preshared key: <shared-key>
Minimum Preshared Key Complexity: is checked
Preshared Key Strength meter: goes to 2 green boxes.
Advanced settings: nothing is set up.
ASA IPSEC related settings for this VPN:
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto ipsec df-bit clear-df inside
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map internet_map 7 match address internet_cryptomap_7
crypto map internet_map 7 set peer (Static_IP_ADDRESS)
crypto map internet_map 7 set transform-set ESP-3DES-MD5
crypto map internet_map 7 set reverse-route
crypto isakmp enable internet
crypto isakmp policy 4
crypto isakmp policy 5
crypto isakmp policy 10
crypto isakmp policy 30
tunnel-group (Static_IP_ADDRESS) type ipsec-l2l
tunnel-group (Static_IP_ADDRESS) ipsec-attributes
Thanks in advance.
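A side-by-side check of the Phase 2 settings listed in this post, as an added example that is not part of the original post: it parses the ASA lines that apply to crypto map entry 7 and reports where they differ from the RV082 values. The function names and the `RV082_PHASE2` dictionary are assumptions made for the example, the embedded sample is constructed from the lines quoted above, and a reported difference shows where the two ends disagree, not what causes the drop.

```python
import re

# ASA lines that bear on crypto map entry 7, copied from the post above.
ASA_CONFIG = """\
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto map internet_map 7 set transform-set ESP-3DES-MD5
"""

# Phase 2 values from the RV082 settings in the post (PFS unchecked -> None).
RV082_PHASE2 = {"encryption": "3des", "auth": "md5", "lifetime": 86400, "pfs": None}

def asa_phase2(config, map_name, seq):
    """Effective Phase 2 settings of one ASA crypto map entry."""
    sets, chosen, global_life, entry_life, pfs = {}, None, None, None, None
    entry = rf"crypto map {re.escape(map_name)} {seq} set "
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"crypto ipsec transform-set (\S+) esp-(\S+) esp-(\S+)-hmac", line):
            sets[m[1]] = (m[2], m[3])
        elif m := re.fullmatch(r"crypto ipsec security-association lifetime seconds (\d+)", line):
            global_life = int(m[1])
        elif m := re.fullmatch(entry + r"transform-set (\S+).*", line):
            chosen = m[1]           # first set listed for the entry
        elif m := re.fullmatch(entry + r"security-association lifetime seconds (\d+)", line):
            entry_life = int(m[1])  # per-entry override of the global lifetime
        elif m := re.fullmatch(entry + r"pfs (\S+)", line):
            pfs = m[1]
    enc, auth = sets.get(chosen, (None, None))
    return {"encryption": enc, "auth": auth,
            "lifetime": entry_life if entry_life is not None else global_life,
            "pfs": pfs}

def mismatches(local, remote):
    """Map each differing parameter to its (local, remote) pair."""
    return {k: (local[k], remote[k]) for k in local if local[k] != remote[k]}

if __name__ == "__main__":
    asa = asa_phase2(ASA_CONFIG, "internet_map", 7)
    for name, (rv, other) in mismatches(RV082_PHASE2, asa).items():
        print(f"{name}: RV082={rv} ASA={other}")
```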