Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Site2Site PIX6.3(5) to ASA5520 7.2(2) tunnel drops every few minutes

I can't figure it out, the tunnel drops every few minutes. Here is the debugging on the 515E.

ISAKMP (0): retransmitting phase 2 (10/4)... mess_id 0xfaad7abc

ISAKMP (0): retransmitting phase 2 (4/5)... mess_id 0x6b130e85

ISAKMP (0): deleting IPSEC SAs with peer at 164.113.94.1

VPN Peer: IPSEC: Peer ip:164.113.94.1/500 Decrementing Ref cnt to:2 Total VPN Peers:1

VPN Peer: IPSEC: Peer ip:164.113.94.1/500 Decrementing Ref cnt to:1 Total VPN Peers:1

ISAKMP (0): deleting SA: src 164.113.94.1, dst 164.113.95.178

ISAKMP (0): beginning Main Mode exchange

crypto_isakmp_process_block:src:164.113.94.1, dest:164.113.95.178 spt:500 dpt:500

ISAKMP: drop msg for deleted sa

crypto_isakmp_process_block:src:164.113.94.1, dest:164.113.95.178 spt:500 dpt:500

OAK_MM exchange

it deletes the SAs and then immediation starts quick mode again and reestablishes. I have the sa lifetimes identical on both ends, but I don't understand why this happens, how resilient is the mgmt tunnel if there is some latency on the network? I can provide some configurations also.

1 REPLY
New Member

Re: Site2Site PIX6.3(5) to ASA5520 7.2(2) tunnel drops every few

I also seem to get alot of these and don't know if that is normal or out of the ordinary:

ISAKMP (0): retransmitting phase 2 (6/1)... mess_id 0x6bf1ec37

ISAKMP (0): retransmitting phase 2 (5/1)... mess_id 0x92fa5f2a

108
Views
0
Helpful
1
Replies