Cisco Support Community

SA520 VPN stuck on IPsec SA Is Expiring

I'm very new to VPNs and the SA520 device so please excuse me if I am missing something obvious. I have searched around but I cannot seem to find anything on this issue other than a couple of open discussions with no responses.

Currently I have 2 sites set up with an SA520 in each location. I can get the VPN up and running and data transferring across; however, I've run into a couple of times now where the VPN status goes to IPsec SA Is Expiring and I can't get it to drop the connection to re-establish. After a reboot it will say that it is established but nothing actually travels over the VPN. One of the SA520s will show packets transferred, but the other one will just stay on 0 packets/kb.

So far the only way I have been able to get it working again is to factory reset the device at one of our locations and then recreate all of the settings and policies. Needless to say, this is a giant hassle to do. Is this a flaw in the device or is this potentially a problem with the hardware itself?


SA520 VPN stuck on IPsec SA Is Expiring

Hello Robert,

Make sure your phase 1 and phase 2 lifetimes match on both sides.

If you are using PFS, try disabling it.

Cisco Small Business Support Center

Randy Manthey

CCNA, CCNA - Security

SA520 VPN stuck on IPsec SA Is Expiring

Please post your config on the forum, from both end devices.