Error on ASA5505: "IKE Receiver: Error reading from socket."
I'm expecting a problem with the network of a customer.
He has one ASA5505 connected to 2 RV082 using VPN IPSec (1 top office and 2 remote sites).
Each sites have 2 internet ADSL providers: "Provider A" and "Provider B" for backup purpose.
The remote site 1 has the default connection using "Provider A" network on both sites (top office and remote site) and "Provider B" for backup purpose.
While remote site 2 has the default connection using "Provider B" network on both sites (top office and remote site) and "Provider A" for backup purpose.
(Kind of load balancing when all connections are working good)
When all "3 sites x 2 =" 6 connections are working, I doesn't have any problem and all is working good.
But since 2 weeks, the "Provider A" of the top office is disconnected: both remote site uses "Provider B" and are connected to the top office on
the "Provider B" connection. ("Provider A" is no longer used on every sites.)
This configuration works good until a short disconnection appear on "Provider B" connection on "Site 2".
Then I have many "IKE Receiver: Error reading from socket." on the ASA5505 syslog and the RV082 located on "Site 2" says it's connect but it isn't. (It is not possible to ping "site 2" from top office network.)
If I force this RV082 to reconnect, I can from the top office, ping "Site 2" and open a remote desktop session to the server located on "site 2".
But I cannot ping top office network from "Site 2" and I cannot open a remote desktop session to the server located on "top office"
(it's very strange I can ping from a A network to a B network but not from B to A).
Restart the RV082 of the "Site 2" and/or the ASA5505 does not fix the problem and I continue to get the IKE socket error message.
To fix the problem until next "Site 2" "Provider B" disconnection, I have to disconnect or restart the RV082 located on "Site 1" and then do the same to the RV082 located on "Site 2".
I use updated firmware: RV0XX-v4.1.1.01-sp.bin for both RV082 v3 and asa843-9-k8.bin for the ASA5505.
ASA routing part :
# 192.168.1.0 is the network of the top office # 192.168.2.0 is the network of site 1 # 192.168.3.0 is the network of site 2
# 192.168.20.2 is the @IP of the "Provider A" internet router located on top office # 192.168.21.2 is the @IP of the "Provider B" internet router located on top office
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...