Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
671
Views
0
Helpful
6
Replies

ASA 5510 VPN session disconnections

madhira
Level 1
Level 1

‎12-12-2006 10:10 AM - edited ‎03-11-2019 02:08 AM

Hi

We have set up an IPsec site to site VPN tunnel with ASA5510 and Checkpoint on the remote side. ASA5510 is running version 7.2.1. The VPN tunnel comes up but when users use windows Remote desktop to access the remote servers the user sessions get disconnected automatically after few minutes. We have tested the same setup replacing the ASA5510 with PIX 515E an there are no problems.

Any help to fix this will be great.

thanks

Subbu

Labels:
0 Helpful
6 Replies 6

jarmentrout
Level 1
Level 1

‎02-09-2007 06:51 AM

I am having same trouble with AS/400 sessions, and I can't seem to find any solution to problem, Cisco is no help. Does anyone know a problem with Checkpoints?? Why does it work ok with PIX515? Does Checkpoint need to be updated? Any suggestions ????

0 Helpful

madhira
Level 1
Level 1
In response to jarmentrout

‎02-09-2007 07:40 AM

Hi

I opened a TAC case but it was of no use. Cisco asked us to give the packet capture report but are non-committal.

I am still living with this problem and Cisco has been of no help.

0 Helpful

jarmentrout
Level 1
Level 1
In response to madhira

‎02-09-2007 07:45 AM

Yes, I did the same thing, Cisco had to change something in the VPN code!! I have went over and over config and everything is the same, I can't beleive there aren't more people having this problem

0 Helpful

zulqurnain
Level 3
Level 3

‎02-09-2007 08:19 AM

hello,

could you post your config espacially related to crypto and isakmp

we have similar senario using ASA5520 connecting to our partner and on the other DR site connecting PIX515E to the same partner to Checkpoint in both cases and AS/400 and other sessions have no problem at all.

also is it only happening with remote desktop sessions or with everthing.

0 Helpful

jarmentrout
Level 1
Level 1
In response to zulqurnain

‎02-09-2007 08:32 AM

Attached is config with isakmp and crypto

Preview file
3 KB
0 Helpful

odakalbab
Level 1
Level 1

‎08-08-2007 09:44 PM

Hi

I faced the same issue. I migrated the existing PIX 515E to ASA 5510 and one of the site-site VPN tunnels was with a Checkpoint firewall, and I got the same behaviour. On the checkpoint end they were getting so many log errors of "Packet is dropped because there is no valid SA"

I made it work by changing the crypto map configuration to dynamic, so it will accept any IPSec SA from checkpoint end.

I would appreciate if there is a fix/solution for this ?

Thanks

Osama,

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card