Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN Connections requiring sa peer resets often?

I have multiple (let's say about 50) remote sites which have an ASA 5505 at them connecting via a ipsec vpn connection back to our main office. Most of the time, these connections work great, but it seems like within the span of about 1 week, at least 4 or 5 require either a reboot or the command "ipsec reset sa peer x.x.x.x" to be run to re-establish the vpn tunnel. Now, this is more of a nuisance than a real problem because they always come back up, but my employer would like to know if there is a way to minimize these issues. Here are some details and my thoughts:

Remote sites each have a 5505, running various OS versions, but none too terribly old. They connect back to HQ using either a DSL or cable modem connection.

HQ ASA is a 5520 in a failover pair. It is running ASA version 8.0(3) and ASDM version 6.0(3) and has a good 'net connection.

All have static IP's and in every case, there is no known issue with the network connections, just a loss of the vpn tunnel.

My gut instinct is to upgrade the remote ASA's to the same ASA firmware version as the HQ ASA. I expect that we will still encounter some times when we will need to reset the VPN tunnel, but I would expect that they would be fewer if the OS versions matched than now. I think the likely culprit is the instability of cable modem and DSL connections.

Any ideas?

1 REPLY
Bronze

Re: VPN Connections requiring sa peer resets often?

check if the "reset upon timeout" action uis enabled on the ASA which may cause the connection to timeout and re-establish the connection.If it is configures increase the time configured.

115
Views
0
Helpful
1
Replies