Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN drops from new office locations through ASA, HELP

Hello everybody !

First let me say that I have looked through the forum to see if I could find the answer to my question, but I havent found it so here I go.

First a little background information.

My company have used Cisco VPN for the last 5 years without problems of any kind, we are running with the lates firmware and clients at the 3020 appliance.

I have min. 50 connections running for more than 8 hours everyday from 50 different locations, behind several different firewall setups. These firewalls are not my companys, but the customers.

Now my company has been bought by a bigger company,and we are experiencing problems with keeping a VPN connection from within this new company ???

They are using a ASA appliance as gateway, I havent got any configs from them, because they do believe that their setup is okay, but we haver never before noticed these problems with VPN drops.

The problem is that the VPN only runs for 5-10 minutes before the connection is lost, and if the user go to another location to test it worsk perfect, so I believe that the problems must be behind the ASA appliance.

But what should I look after ??

When the connection is lost the client just tells " the remote peer no longer responding "

I could post my own config but what would this help , when all our connections from other locations are working well ?

The problem exist in both TCP and UDP.

Hope that someone have a suggestion.

Kind regards Thomas

New Member

Re: VPN drops from new office locations through ASA, HELP

If the VPN tunnel is established successfully (even for 5 min), meaning the phase 1 and 2 settings are ok. If it drops only after running for 5-10 minutes, there might be a keeplive setting that terminates the tunnel. Try turning on debugging on isakmp and ipsec on your VPNC3020. And ask to do the same on the other side (if they are willing to cooperate with you). You should see the cause from the debugs. If you have the debug logs and still not sure what causes it, please post it here so that we can all look at it and figure out.