I have a handful of 871s for SOHO users which started out utilizing an EZVPN tunnel back to an ASA at our headquarters location. That was extremely unstable, so it has now been flipped to a static-to-dynamic mapping in the default L2L tunnel group, and I'm seeing similar results. I've tried isolating the issues with no luck.
I've added an attachment with the error messages I see consistently. It seems as though the ASA 5520 just stops responding.
I've messed with the TCP MSS values, clearing the DF bit, and also tried some of the timers, but nothing seems to work.
Sometimes the tunnel stays up for hours; other times it drops after 5 minutes. One thing that is consistent is that it drops multiple times per day.
This document contains the most common solutions to IPsec VPN problems. These solutions come directly from service requests that Cisco Technical Support has solved. Many of these solutions can be implemented prior to the in-depth troubleshooting of an IPsec VPN connection. As a result, this document is presented as a checklist of common procedures to try before you begin to troubleshoot a connection and call Cisco Technical Support.
I have a 5520 set up with EzVPN and 1841 IOS routers on the remote end that are experiencing the same issues you explain. I have been working with TAC for a while now and they aren't sure how to fix it.