Re: ASA will randomly drop all VPN connectivity

andy-gerace · ‎10-31-2006

I have an ASA5540 that is in use as a VPN endpoint. I have both LAN to LAN and remote access VPN clients connecting to it. For the past 3 months it will randomly just drop all VPN packets. All other traffic will pass as it is supposed to, but no VPN traffic. I have to completely reload the ASA to revive VPN connectivity.

I was running a code version 7.2.1 but then updated to an interim release 7.2.1 (19) hoping to resolve the issue. No luck. My syslog shows an error message whenever it happens:

CRYPTO: The ASA hardware accelerator encountered an error (Unknown Error, code= 0x3B) while executing the command Process IPSec Outbound Packet (0x11)

Report Inappropriate Content · ‎11-06-2006

Try this:

Check ForceKeepalive in your .pcf. You may add the following line to the bottom of the .pcf file if its not there:

ForceKeepAlives=1

Try this link:

http://www.cisco.com/en/US/products/ps6120/products_system_message_guide_chapter09186a008066633c.html#wp3110883

markbialik · ‎03-07-2007

Hi,

I'm having the exact same problem on my ASA5510. Did you ever figure out the cause or fix it?

Thanks,

Mark

kaachary · ‎03-07-2007

Seems like a bug.

Open a TAC case.

-Kanishka

markbialik · ‎03-07-2007

I did. And it is a bug: CSCsd43563

Mark

andy-gerace · ‎03-16-2007

Not sure if you already knew or not, but there is a new version which is supposed to contain a fix for this bug out now.

asa722-14-k8.bin

markbialik · ‎03-16-2007

Yup, they sent me a pre-release of 7.2.2.12 which fixed the problem.