Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

irregular vpn-tunnel drops

Hi,

I have a VPN-tunnel between a Cisco ASA 5505 and a Checkpoint FW-1 firewall. The tunnel drops with irregular intervals, and I have been unable to determine why. I need some help to understand the debug output from the Cisco box that keeps dropping the tunnel.

We want all traffic from two inside networks on the Cisco ASA side to be tunneled over to the Checkpoint side.

I have attached the running config from the Cisco ASA box and the “debug crypto isakmp 255” output. The debug output keeps looping over and over again once the VPN tunnel has gone down.

2 REPLIES

Re: irregular vpn-tunnel drops

Hi,

From the debug, you can tell your asa is trying to initiate an isakmp session but your Checkpoint is not responding.

I did not see a static or default route in your ASA config to reach the checkpoint. Could the ASA isakmp process it generating the packet but the routing process in the ASA is dropping it because you got no route ?

New Member

Re: irregular vpn-tunnel drops

Hi,

There is a static route, however it got omitted when i censored the running-config.

The devices do have contact over the network, even though the tunnel goes down. However it seems like the phase 1 renegotiation does work.

316
Views
0
Helpful
2
Replies
CreatePlease to create content