Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA 5510 VPN session disconnections

Hi

We have set up an IPsec site to site VPN tunnel with ASA5510 and Checkpoint on the remote side. ASA5510 is running version 7.2.1. The VPN tunnel comes up but when users use windows Remote desktop to access the remote servers the user sessions get disconnected automatically after few minutes. We have tested the same setup replacing the ASA5510 with PIX 515E an there are no problems.

Any help to fix this will be great.

thanks

Subbu

6 REPLIES
New Member

Re: ASA 5510 VPN session disconnections

I am having same trouble with AS/400 sessions, and I can't seem to find any solution to problem, Cisco is no help. Does anyone know a problem with Checkpoints?? Why does it work ok with PIX515? Does Checkpoint need to be updated? Any suggestions ????

New Member

Re: ASA 5510 VPN session disconnections

Hi

I opened a TAC case but it was of no use. Cisco asked us to give the packet capture report but are non-committal.

I am still living with this problem and Cisco has been of no help.

New Member

Re: ASA 5510 VPN session disconnections

Yes, I did the same thing, Cisco had to change something in the VPN code!! I have went over and over config and everything is the same, I can't beleive there aren't more people having this problem

Bronze

Re: ASA 5510 VPN session disconnections

hello,

could you post your config espacially related to crypto and isakmp

we have similar senario using ASA5520 connecting to our partner and on the other DR site connecting PIX515E to the same partner to Checkpoint in both cases and AS/400 and other sessions have no problem at all.

also is it only happening with remote desktop sessions or with everthing.

New Member

Re: ASA 5510 VPN session disconnections

Attached is config with isakmp and crypto

New Member

Re: ASA 5510 VPN session disconnections

Hi

I faced the same issue. I migrated the existing PIX 515E to ASA 5510 and one of the site-site VPN tunnels was with a Checkpoint firewall, and I got the same behaviour. On the checkpoint end they were getting so many log errors of "Packet is dropped because there is no valid SA"

I made it work by changing the crypto map configuration to dynamic, so it will accept any IPSec SA from checkpoint end.

I would appreciate if there is a fix/solution for this ?

Thanks

Osama,

209
Views
0
Helpful
6
Replies