Error on ASA5505: "IKE Receiver: Error reading from socket."

Unanswered Question
May 10th, 2012

Hi,

I'm expecting a problem with the network of a customer.

He has one ASA5505 connected to 2 RV082 using VPN IPSec (1 top office and 2 remote sites).

Each site has 2 ADSL internet providers: "Provider A" and "Provider B" for backup purposes.

Remote site 1 has its default connection using the "Provider A" network on both sites (top office and remote site) and "Provider B" for backup purposes.

Remote site 2 has its default connection using the "Provider B" network on both sites (top office and remote site) and "Provider A" for backup purposes.

(Kind of load balancing when all connections are working well.)

When all "3 sites x 2 =" 6 connections are working, I don't have any problem and everything works well.

But for 2 weeks now, "Provider A" at the top office has been disconnected: both remote sites use "Provider B" and are connected to the top office on the "Provider B" connection. ("Provider A" is no longer used on any site.)

This configuration works well until a short disconnection appears on the "Provider B" connection on "Site 2".

Then I have many "IKE Receiver: Error reading from socket." messages in the ASA5505 syslog, and the RV082 located on "Site 2" says it's connected but it isn't. (It is not possible to ping "Site 2" from the top office network.)

If I force this RV082 to reconnect, I can from the top office, ping "Site 2" and open a remote desktop session to the server located on "site 2".

But I cannot ping top office network from "Site 2" and I cannot open a remote desktop session to the server located on "top office"

(it's very strange I can ping from a A network to a B network but not from B to A).

Restarting the RV082 of "Site 2" and/or the ASA5505 does not fix the problem and I continue to get the IKE socket error message.

To fix the problem until next "Site 2" "Provider B" disconnection, I have to disconnect or restart the RV082 located on "Site 1" and then do the same to the RV082 located on "Site 2".

I use updated firmware: RV0XX-v4.1.1.01-sp.bin for both RV082 v3 and asa843-9-k8.bin for the ASA5505.

ASA routing part :

# 192.168.1.0 is the network of the top office
# 192.168.2.0 is the network of site 1
# 192.168.3.0 is the network of site 2

# 192.168.20.2 is the @IP of the "Provider A" internet router located on top office
# 192.168.21.2 is the @IP of the "Provider B" internet router located on top office

route outsideLB 0.0.0.0 0.0.0.0 192.168.20.2 128 track 1
route outsideFB 192.168.3.0 255.255.255.0 192.168.21.2 128 track 2
route outsideLB 192.168.2.0 255.255.255.0 192.168.20.2 128 track 3
route outsideFB 0.0.0.0 0.0.0.0 192.168.21.2 150
route outsideFB %Site2_ProviderB_PublicIP% 255.255.255.255 192.168.21.2 5
route outsideLB %Site1_ProviderA_PublicIP% 255.255.255.255 192.168.20.2 5
route outsideFB 192.168.2.0 255.255.255.0 192.168.21.2 150
route outsideLB 192.168.3.0 255.255.255.0 192.168.20.2 150

...

sla monitor 10
type echo protocol ipIcmpEcho %ProvideA_IP_of_a_SMTP_Server% interface outsideLB
frequency 5
sla monitor schedule 10 life forever start-time now
sla monitor 20
type echo protocol ipIcmpEcho %Site2_ProviderB_PublicIP% interface outsideFB
sla monitor schedule 20 life forever start-time now
sla monitor 30
type echo protocol ipIcmpEcho %Site1_ProviderA_PublicIP% interface outsideLB
sla monitor schedule 30 life forever start-time now

Thanks,

David

neithe
Posted May 10, 2012 at 6:07 AM
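
Added example, not part of the original post and not Cisco code: a small Python model of the static routes quoted above, useful for checking which interface the ASA would pick for each remote subnet under a given set of track states. It assumes standard floating-static behaviour (a tracked route is withdrawn while its track is down, lowest distance wins per prefix, longest prefix wins per destination); the `track` statements are elided in the post, so how tracks 1-3 bind to the SLA monitors is not modelled, and the two host routes with placeholder public IPs are left out.

```python
import ipaddress

# Static routes copied from the post:
# (interface, network, mask, gateway, administrative distance, track id or None).
# The two host routes to %...PublicIP% placeholders are omitted (no addresses on the page).
ROUTES = [
    ("outsideLB", "0.0.0.0", "0.0.0.0", "192.168.20.2", 128, 1),
    ("outsideFB", "192.168.3.0", "255.255.255.0", "192.168.21.2", 128, 2),
    ("outsideLB", "192.168.2.0", "255.255.255.0", "192.168.20.2", 128, 3),
    ("outsideFB", "0.0.0.0", "0.0.0.0", "192.168.21.2", 150, None),
    ("outsideFB", "192.168.2.0", "255.255.255.0", "192.168.21.2", 150, None),
    ("outsideLB", "192.168.3.0", "255.255.255.0", "192.168.20.2", 150, None),
]

def installed_routes(tracks_up):
    """Return {prefix: (interface, gateway, distance)} for the given set of 'up' track ids.
    Tracked routes are skipped while their track is down; per prefix the lowest
    administrative distance is kept."""
    best = {}
    for ifc, net, mask, gw, dist, track in ROUTES:
        if track is not None and track not in tracks_up:
            continue
        prefix = ipaddress.ip_network(f"{net}/{mask}")
        if prefix not in best or dist < best[prefix][2]:
            best[prefix] = (ifc, gw, dist)
    return best

def egress(dest, tracks_up):
    """Longest-prefix match of dest against the installed routes.
    Returns (interface, gateway), or None if nothing matches."""
    addr = ipaddress.ip_address(dest)
    table = installed_routes(tracks_up)
    matches = [p for p in table if addr in p]
    if not matches:
        return None
    return table[max(matches, key=lambda p: p.prefixlen)][:2]

if __name__ == "__main__":
    # Constructed scenarios: sets of track ids assumed to be up.
    scenarios = {"all tracks up": {1, 2, 3}, "only track 2 up": {2}, "no track up": set()}
    # Sample hosts in site 1, site 2, and one constructed Internet address.
    for name, up in scenarios.items():
        for dest in ("192.168.2.10", "192.168.3.10", "198.51.100.1"):
            print(f"{name:16} {dest:14} -> {egress(dest, up)}")
```

Comparing the output for each track state against the interface the peer's tunnel actually terminates on shows whether a failover leaves a remote subnet routed out of a different interface.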