I've configured a VPN between 2 offices using two ASA 5505 v. 7.2(4) via IPSec.
The problem is that the VPN connection drops randomly. It can be working fine for hours and then fail, while the rest (internet) is working fine.
The solution comes by reloading the system, which will always work, and the connection is back again.
The IKE is using 3DES encryption, pre-share authentication and 86400 secs lifetime.
I don't really know what to check, or how to monitor it. I have been using the ASDM monitoring tools to check the IPsec/IKE connections, but obviously cannot determine what is causing the problem or how to start troubleshooting it.
At this point, I am using a ping that continuously pings a remote computer, and when it fails, I receive a mail.
There are several things that might produce the symptoms of random loss of VPN connectivity. When I hear some talk about loss of VPN connectivity, one of the first things that I think about is that Security Associations (might be ISAKMP or might be IPSEC) have expired (this is a normal event) and have not been re-negotiated (this would be the not normal part of the problem). Can you check and verify whether the continuous ping traffic is part of what is permitted in the ACL that defines interesting traffic for the VPN? If the ping is interesting traffic then that should take care of re-negotiating the SAs and the problem is something else.
When the problem happens and before you reload can you check on a few things:
- can you verify that there is IP connectivity between the ASAs? Can you ping from one ASA to the peer address of the other ASA?
- can you check the logs of the ASA for any event happening recently that might impact the VPN?
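The first check asked for above (is the monitoring ping matched by the ACL that defines interesting traffic?) can be done offline against a copy of the configuration. This is an added example, not part of the original thread; the ACL name `VPN_ACL`, the subnets and the function names are assumptions, and only the `any`, `host A` and `A MASK` address forms are handled (no port operators or object-groups).

```python
import ipaddress

# Constructed sample crypto ACL in ASA syntax (name and subnets are assumptions).
SAMPLE_ACL = """\
access-list VPN_ACL extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list VPN_ACL extended permit tcp host 192.168.1.10 192.168.3.0 255.255.255.0
"""

def _take_network(tokens):
    """Consume one ASA address spec (any | host A | A MASK) from the token list."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    # ASA ACLs use subnet masks, not wildcard masks.
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}")

def parse_acl(text):
    """Return (action, protocol, src_net, dst_net) for each extended ACE."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 6 or tokens[0] != "access-list" or tokens[2] != "extended":
            continue  # skip remarks, standard ACLs and blank lines
        action, proto, rest = tokens[3], tokens[4], tokens[5:]
        src = _take_network(rest)
        dst = _take_network(rest)
        entries.append((action, proto, src, dst))
    return entries

def is_interesting(entries, proto, src_ip, dst_ip):
    """First-match evaluation; no match means the packet is not protected."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, ace_proto, src_net, dst_net in entries:
        if ace_proto in ("ip", proto) and src in src_net and dst in dst_net:
            return action == "permit"
    return False

if __name__ == "__main__":
    acl = parse_acl(SAMPLE_ACL)
    # The monitoring ping: ICMP from a local host to the remote computer.
    print(is_interesting(acl, "icmp", "192.168.1.50", "192.168.2.20"))
```

If the ping only matches a protocol-specific entry such as the `tcp` line, it is not interesting traffic and cannot be what brings the SAs back up.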
Sorry for the delay, I have been doing more tests, and it seems that the problem was being caused by my static NAT rule. I deleted it and it worked fine for 1 week. Now if I try to add the static NAT rule I get this message:
WARNING: static redirecting all traffics at outside interface; WARNING: all services terminating at outside interface are disabled.
So I need to figure out how to manage my other VPN to work.