
New Member

ASA - PIX Site-Site VPN problem

Hi,

We have a site to site IPSec VPN tunnel with a PIX 535 at one end and an ASA on the other. We don't manage the ASA. A user reports that his Remote Desktop session from his PC behind the ASA hangs every couple of minutes. We captured traffic on the client PC, and behind the PIX at this end in front of the server. We saw that the RDP client receives an RST even though no RST is captured on the server side. There is less than a second between the time apparently good traffic is seen and the RST.

We don't know if it is the PIX or the ASA that is generating the RST, effectively ending the session. How can we determine why this is happening and on which device?

thanks

Mike

2 REPLIES
New Member

Re: ASA - PIX Site-Site VPN problem

If you do a debug packet on the inside interface of the PIX with the dst option set to the client address, then attempt the connection again, you should see a lot of info in the debug session, but you should be able to fish out the address that sends the RST packet to the client.

Re: ASA - PIX Site-Site VPN problem

I am just wondering: is the IDS/IPS function enabled on the PIX, or could there be a dedicated IDS device in the path that's spoofing the address of the server and sending RST packets back to the client?
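The two-capture comparison from the original question (an RST seen at the client but not at the server) can be automated; the following is an added example, not code from any post in this thread. It assumes each capture has been exported to simple per-packet records, that there is no NAT across the tunnel, and it uses constructed addresses and packets; the TTL comparison is a common heuristic, not something the thread itself proposes.

```python
from collections import Counter, namedtuple

# Simplified per-packet record (assumed export format, one row per TCP segment).
Pkt = namedtuple("Pkt", "src dst sport dport seq flags ttl")

def _key(p):
    # TTL is excluded on purpose: it changes hop by hop between the captures.
    return (p.sport, p.dport, p.seq, p.flags)

def find_unmatched_rsts(client_cap, server_cap, server_ip):
    """RSTs the client received 'from' server_ip that the server never sent."""
    sent = {_key(p) for p in server_cap if p.src == server_ip}
    # TTL the client normally sees on segments that really left the server.
    genuine = Counter(p.ttl for p in client_cap
                      if p.src == server_ip and _key(p) in sent)
    baseline = genuine.most_common(1)[0][0] if genuine else None
    findings = []
    for p in client_cap:
        if p.src == server_ip and "R" in p.flags and _key(p) not in sent:
            findings.append({
                "seq": p.seq,
                "ttl": p.ttl,
                "baseline_ttl": baseline,
                # A different TTL suggests a device other than the server
                # built the packet (heuristic, not proof).
                "ttl_differs": baseline is not None and p.ttl != baseline,
            })
    return findings

# Constructed sample data: RDP server behind the PIX, client behind the ASA.
SERVER_IP, CLIENT_IP = "10.1.1.10", "10.2.2.20"
SERVER_CAP = [
    Pkt(SERVER_IP, CLIENT_IP, 3389, 50123, 1000, "PA", 128),
    Pkt(SERVER_IP, CLIENT_IP, 3389, 50123, 1100, "PA", 128),
]
CLIENT_CAP = [
    Pkt(SERVER_IP, CLIENT_IP, 3389, 50123, 1000, "PA", 125),
    Pkt(SERVER_IP, CLIENT_IP, 3389, 50123, 1100, "PA", 125),
    Pkt(SERVER_IP, CLIENT_IP, 3389, 50123, 1200, "R", 254),  # never left the server
]

if __name__ == "__main__":
    for f in find_unmatched_rsts(CLIENT_CAP, SERVER_CAP, SERVER_IP):
        print(f)
```

An unmatched RST whose TTL differs from the baseline points at an intermediate device (firewall or IDS/IPS) as the sender; capturing at additional points along the path narrows down which one.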
