Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

ASA 5510 - 7.0.5 connection issue

I have a ASA with a VPN to a Sonic Wall Firewall. After a couple of hours the connection to some servers are lost but the VPN continues up. If I try to ping the servers from the asa I succeed. Some times I have to reboot the asa to reconnect again or in other cases it reconnects by itself after 3 minutes of inativity.

I tryed a #ping -t command to maintain data flow through the tunnel but after hours it stoped

The life time is correct in both sides

#isakmp policy 10 lifetime 28800

when I debug the following outputs is showed:

VPNPAN# Oct 30 13:52:42 [IKEv1]: Group = 10.2.53.36, IP = 10.2.53.36, Informatio

n Exchange processing failed

Oct 30 13:52:50 [IKEv1]: Group = 10.2.53.36, IP = 10.2.53.36, Information Exchan

ge processing failed

Oct 30 13:52:58 [IKEv1]: Group = 10.2.53.36, IP = 10.2.53.36, Information Exchan

ge processing failed

Oct 30 13:53:06 [IKEv1]: Group = 10.2.53.36, IP = 10.2.53.36, Information Exchan

ge processing failed

Oct 30 13:53:14 [IKEv1]: Group = 10.2.53.36, IP = 10.2.53.36, QM FSM error (P2 s

truct &0x3421f90, mess id 0x95f08cf0)!

Oct 30 13:53:14 [IKEv1]: Group = 10.2.53.36, IP = 10.2.53.36, Removing peer from

correlator table failed, no match!

Oct 30 13:53:14 [IKEv1]: Group = 10.2.53.36, IP = 10.2.53.36, Information Exchan

ge processing failed

Oct 30 13:53:19 [IKEv1]: Group = 10.2.53.36, IP = 10.2.53.36, Information Exchan

ge processing failed

Oct 30 13:53:27 [IKEv1]: Group = 10.2.53.36, IP = 10.2.53.36, Information Exchan

ge processing failed

Oct 30 13:53:35 [IKEv1]: Group = 10.2.53.36, IP = 10.2.53.36, Information Exchan

ge processing failed

Oct 30 13:53:43 [IKEv1]: Group = 10.2.53.36, IP = 10.2.53.36, Information Exchan

ge processing failed

Oct 30 13:53:51 [IKEv1]: Group = 10.2.53.36, IP = 10.2.53.36, QM FSM error (P2 s

truct &0x341efb8, mess id 0xb4c097be)!

Oct 30 13:53:51 [IKEv1]: Group = 10.2.53.36, IP = 10.2.53.36, Removing peer from

correlator table failed, no match!

Oct 30 13:53:51 [IKEv1]: Group = 10.2.53.36, IP = 10.2.53.36, Information Exchan

ge processing failed

Oct 30 13:54:43 [IKEv1]: IP = 10.2.53.36, Received Invalid Cookie message for n

on-existent SA

Oct 30 13:54:43 [IKEv1]: Group = 10.2.53.36, IP = 10.2.53.36, QM FSM error (P2 s

truct &0x3bdfed0, mess id 0xde694c81)!

Oct 30 13:54:43 [IKEv1]: Group = 10.2.53.36, IP = 10.2.53.36, Removing peer from

correlator table failed, no match!

Any clue of what my issue is? any solution?

Thanks

1 REPLY
Silver

Re: ASA 5510 - 7.0.5 connection issue

Do the following , and try again .

clear 'crypto isakmp sa' and 'clear crypto ips sa'

'debug crypto isa 100' and 'debug crypto ips 10

96
Views
0
Helpful
1
Replies
CreatePlease to create content