Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

Tunnel Drops

Hi Having a weird issue between a ASA 5505 and ASA 5520 both are running 804-K8.

The tunnel will remain up for around 8 Hours then drop. It will then be down for about 30 seconds before coming back up.

This wasn't a problem until we started replicating across the tunnel and the drops crash the replication.

We have upped the timeouts and neither of them are now breached.

I have been hitting my head against this for a while now and any help would be gratefully received.

The errors when this happens are

2009-06-05 01:12:40 Local4.Notice LocalIP Jun 05 2009 01:10:33: %ASA-5-713041: Group = PublicIP, IP = PublicIP, IKE Initiator: Rekeying Phase 2, Intf outside, IKE Peer publicIP local Proxy Address localrange, remote Proxy Address remoterange, Crypto map (vpn)

2009-06-05 01:13:12 Local4.Error LocalIP Jun 05 2009 01:11:05: %ASA-3-713902: Group = PublicIP, IP = publicIP, QM FSM error (P2 struct &0xd4f53f60, mess id 0x89aa93ae)!

2009-06-05 01:13:12 Local4.Alert LocalIP Jun 05 2009 01:11:05: %ASA-1-713900: Group = PublicIP, IP = PublicIP, construct_ipsec_delete(): No SPI to identify Phase 2 SA!

2009-06-05 01:13:12 Local4.Warning Localnetwork Jun 05 2009 01:11:05: %ASA-4-113019: Group = PublicIP, Username = PublicIP, IP = publicIP, Session disconnected. Session Type: IPsec, Duration: 8h:35m:58s, Bytes xmt: 3210418510, Bytes rcv: 188159058, Reason: Phase 2 Error

These are coming when the tunnel drops, I would normally say there was a miss-configured endpoint or IP typo but the tunnel comes up and is fairly stable, it looses about 30 seconds every 8 hours, but unfortunately this is to much for the tunnels purpose.




Re: Tunnel Drops

If you are using an ASA running software version 7.1 then it is bug CSCse29700. WebVPN and SSL VPN Client sessions to an ASA running software version 7.1 are intermittently disconnected As a workaround, perform either of these steps:

Reload the Cisco Adaptive Security Appliance (ASA) until the issue is resolved.

Download and upgrade the ASA software to any one of these versions:


New Member

Re: Tunnel Drops

Hi thanks for the reply but I am running 8.03 is the problem still occuring in this build?

New Member

Re: Tunnel Drops

Sorry to bump this but it is a real problem while moving large files between sites.

CreatePlease to create content