I have a point-to-point IPSEC VPN between an 1841 (12.4(17a)) and an ASA 5540 (8.0(3)). The tunnel is using 3DES/SHA1/DH2 with a preshare.
The tunnel comes up and works just fine; I can ping across it and access resources from the remote site (1841).
Problem is that every 5 minutes the session disconnects. It then runs through Phase 1 and reconnects. We only lose it for like a second or two (1 or two pings).
The remote site is using a telnet application over the VPN that is very sensitive to disconnects like this, and when it resets they lose their data and have to start over.
What I've done: Verified the IKE key lifetime is 86400 seconds on both sides, increased the NAT-T keepalive to 3600 seconds on the ASA side, and the IKE keepalive is set to monitor keepalives, with a confidence interval of 10 and a retry interval of 2.
If I run a constant ping over this tunnel, I still see it reset (I lose pings and the ASA logs a session disconnected).