Cisco Support Community
Community Member

L2L VPN between ASA 5505 and VPN Concentrator 3002

The L2L VPN works great but occasionally our ASA outside port stops working. We use this connection for data replication and during some periods of high bandwidth usage the ASA outside port stops sending and receiving. See the attachment for logging information. I read about a an invalid SPI recovery feature Cisco has but it does not look like a feauture built into the ASA or VPN Concentrator. I am not sure which device is causing the problem but the ASA has to be reloaded each time this problem occurs. After the reload the VPN is reestablished and we are running until the next incident which seems to be sporadic. Any ideas??

Community Member

Re: L2L VPN between ASA 5505 and VPN Concentrator 3002


If the ASA outside interface stops sending and receiving, it means that it could not process the packets anymore. There are a lot of issue leading to this behaviour. First, Check if your ASA is having high CPU utilization (greater that 80%), it yes then the device itself could not handle the load. Enable logging on your ASA and sent it to a SYSLOG server to see what is happening before the ASA freezes. At the time of the incident, do a "sh tech" to check for the process. Second, check if there are devices that is creating too much translation, it could be a virus...detach the interfaces and check if the utilization would normalize...

Hope this helps amd let me know the results.



CreatePlease to create content