Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA5510 - Strange behavior in Logs.

Hi all,

One of my VPN tunnels just went down this morning.

Here is the log sequence related to the disconnection of the tunnel VPN

1.1.1.1 refers to the public adress ouf one of our remote office.

175.175.175.175 refers to a public ADSL geo located in USA

220.220.220.220 referts to a public geo located in Japan

2013-12-06 09:24:20     Local5.Notice   ASA5510_IP  Dec 06 2013 09:24:19: %ASA-5-713259: Group = 1.1.1.1 IP = 1.1.1.1 Session is being torn down. Reason: User Requested

2013-12-06 09:24:20     Local5.Warning  ASA5510_IP     Dec 06 2013 09:24:19: %ASA-4-113019: Group = 1.1.1.1, Username =1.1.1.1

, IP = 175.175.175.175, Session disconnected. Session Type: LAN-to-LAN, Duration: 43d 23h:15m:26s, Bytes xmt: 2137388446, Bytes rcv: 4117994244, Reason: User Requested

2013-12-06 09:24:20     Local5.Notice  ASA5510_IP Dec 06 2013 09:24:19: %ASA-5-713904: IP = 1.1.1.1, Received encrypted packet with no matching SA, dropping

2013-12-06 09:24:20     Local5.Notice   ASA5510_IP    Dec 06 2013 09:24:19: %ASA-5-713259: Group = ASA5510_IP IP = 1.1.1.1

, Session is being torn down. Reason: User Requested

2013-12-06 09:24:20     Local5.Warning  ASA5510_IP    Dec 06 2013 09:24:19: %ASA-4-113019: Group = 1.1.1.1  Username =

1.1.1.1 IP = 220.220.220.220, Session disconnected. Session Type: LAN-to-LAN, Duration: 43d 23h:15m:27s, Bytes xmt: 2137372866, Bytes rcv: 4117978274, Reason: User Requested

Reading the log I  first understand that some public IP have been able to establish a L2L Connection with our office.

I'm not friendly with Cisco ASA's log message.

If someone can help me understant that message, espacially if it some sort of security issue.

Thanks in advance for your help.

Best Regards.

1 REPLY
Cisco Employee

ASA5510 - Strange behavior in Logs.

Hi Eugene,

The message says that the remote site is informing the  ASA to bring down the tunnel. Unfortunately there is no information on  the ASA of the reason. You may need to check the logs on the remote  device to verify why it torn down the connection.

I hope it helps.

regards,

Itzcoatl

265
Views
0
Helpful
1
Replies