
VPN resets every 5 minutes

I have a point-to-point IPsec VPN between an 1841 (12.4(17a)) and an ASA 5540 (8.0(3)). The tunnel is using 3DES/SHA1/DH2 with a preshare.

The tunnel comes up and works just fine, I can ping across it and access resources from the remote site (1841).

Problem is that every 5 minutes the session disconnects. It then runs through Phase 1 and reconnects. We only lose it for like a second or two (1 or two pings).

The remote site is using a telnet application over the VPN that is very sensitive to disconnects like this, and when it resets they lose their data and have to start over.

What I've done: Verified the IKE key lifetime is 86400 seconds on both sides, increased the NAT-T keepalive to 3600 seconds on the ASA side, and the IKE keepalive is set to monitor keepalives: confidence interval is 10, and retry interval is 2.

If I run a constant ping over this tunnel, I still see it reset (I lose pings and the ASA logs a session disconnected).

Anyone have any ideas on this?

3 REPLIES

Re: VPN resets every 5 minutes

Is there any NAT-T even kicking in? Otherwise you should try the regular 'isakmp keepalives'.

Please note NAT-T is disabled on ASA by default (at least in 7.x) and enabled by default on IOS. So with the default configs, they won't even negotiate NAT-T.

Regards

Farrukh


Re: VPN resets every 5 minutes

Yeah.. I got it figured out.. it was a group policy setting in the ASA for that specific connection that was set to expire after 5 minutes!

Thanks for the ideas!

Re: VPN resets every 5 minutes

Ok great to know you have it solved, and thanks for sharing what worked out for you with all of us.

Regards

Farrukh
