Hey everyone, been in here several times with the same problem.
I run serveral ASAs on several internet providers that all fail on a L2L to a remote site. On the remote site we have tried Palo Alto, Fortigate, Cisco ASA5505. On the local siste i run a 5555-X and a 5550.
The config is correct and the ipsec can run normally for 1 hour to 14 days, then it drops, after that both firewalls complaines about duplicate phase 1 packets. This for me seems like the one of the FWs could have a wrong route or something but everything checks out. I can ping and access https for example on the remote box, it only fails on L2L. Diffrent public IP have been used to rule out duplicate IP on the remote site.
Attached are error logs from both boxes, they are almost identical. I have contacted the ISP on the remote site for assistence, but not much help.
The local and remote sites all run other tunnels ok (100+).
I have been working on this for 4 months and Im about to go totally loopy !,
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...