Cisco Support Community
New Member

Any reliable version of ASA software available?

We've got an ASA 5520 working as an endpoint for multiple VPN L2L tunnels. It initially had version 7.2 loaded but we have since downgraded to 7.1(2). However, in both versions we are experiencing a problem whereby the box will occasionally begin denying traffic across already established tunnels with no reason. The logs always show 'deny inbound, flags syn on interface outside' messages. Additionally, it usually cascades to eventually include all traffic on all tunnels.

I have also found that if I manually reset one of our tunnels this kick-starts the above problem across all other tunnels. The only resolution I have found so far is to log out all L2L sessions. They immediately reform and the traffic starts to pass normally.

Looking through the bug database I cannot find this exact problem and the few that might be similar report as being resolved. Is there a stable firmware version out there yet or are they all somewhat buggy?

2 REPLIES
Bronze

Re: Any reliable version of ASA software available?

This is an issue with the access list. Make sure there is a permit entry in the access list for the particular type of traffic.

New Member

Re: Any reliable version of ASA software available?

Hi!

We have the same problem with two ASA5520s in different environments. We also have a TAC case on this, but they cannot find the problem. Please let me know if you find anything. /Regards
