Cisco Support Community
New Member

Urgent - Site to Site VPN - sequence of reply and timed out

We have a Site to Site VPN with another company that hosts an application server. If I set up a ping -r from my Windows computer to their server, I receive about 150 successful ping replies, then 13 "request timed out", and this repeats endlessly. We have both triple-checked our settings and are not aware of any changes that were made at either end.

Any help in troubleshooting would be greatly appreciated.

Thanks

We have an ASA5505 and they have a Palo Alto product.

8 REPLIES
Cisco Employee

Urgent - Site to Site VPN - sequence of reply and timed out

Could there be any IPS/threat detection or any other features/devices that might be thinking that it is an attack and temporarily blocking the ping? If it is repetitive at exactly 150 success and 13 timeout, it might be something that is blocking it temporarily.
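
An added example, not part of the original thread or written by any poster: one way to check from saved Windows ping output whether the loss really repeats at a fixed cadence, which is the pattern the reply above reasons about. The host address, both sample logs and the 10% tolerance are constructed assumptions.

```python
import re
from itertools import groupby
from statistics import mean, pstdev

# Line formats printed by Windows ping.
REPLY = re.compile(r"^Reply from \S+ bytes=\d+ time[=<]\d+ms TTL=\d+")
LOST = re.compile(r"Request timed out\.|Destination host unreachable")

def classify(line):
    """True for an echo reply, False for a lost probe, None for anything else."""
    line = line.strip()
    if REPLY.match(line):
        return True
    if LOST.search(line):
        return False
    return None

def runs(lines):
    """Collapse ping output into [(is_reply, run_length), ...]."""
    states = [s for s in map(classify, lines) if s is not None]
    return [(ok, len(list(g))) for ok, g in groupby(states)]

def summarize(lines, tolerance=0.10):
    """Say whether reply and loss run lengths repeat within `tolerance`
    (coefficient of variation of each set of run lengths)."""
    inner = runs(lines)[1:-1]  # first and last runs are cut off by the capture
    up = [n for ok, n in inner if ok]
    down = [n for ok, n in inner if not ok]
    if len(up) < 2 or len(down) < 2:
        return {"periodic": False, "up": up, "down": down}
    steady = all(pstdev(x) / mean(x) <= tolerance for x in (up, down))
    return {"periodic": steady, "up": up, "down": down}

def make_log(pattern, host="192.0.2.10"):
    """Build constructed ping output from [(is_reply, count), ...]."""
    ok = f"Reply from {host}: bytes=32 time=24ms TTL=126"
    return [ok if up else "Request timed out." for up, n in pattern for _ in range(n)]

# Constructed samples: the 150/13 cycle from the thread, and irregular loss.
CYCLIC = make_log([(True, 20)] + [(False, 13), (True, 150)] * 3
                  + [(False, 13), (True, 40)])
IRREGULAR = make_log([(True, 40), (False, 2), (True, 310), (False, 9), (True, 75),
                      (False, 1), (True, 190), (False, 21), (True, 30)])

if __name__ == "__main__":
    for name, log in (("cyclic", CYCLIC), ("irregular", IRREGULAR)):
        print(name, summarize(log))
```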

New Member

Re: Urgent - Site to Site VPN - sequence of reply and timed out

I agree with Jen. It might be the IPS at your end.

Try disabling ICMP inspect on your ASA and try the ping (on the VPN tunnel, if you have no filters/restrictions, all traffic should flow seamlessly).

Do you have any other tunnel from your ASA to a different peer? Do you notice similar results?

New Member

Re: Urgent - Site to Site VPN - sequence of reply and timed out

Thanks for the two replies. Our ASA5505 does have an IPS module -

ASA 5500 Series AIP Security Services Card-5 ASA-SSC-AIP-5, but I have turned it off. This peer has two subnets and we have the issue pinging hosts in both subnets. The main issue is that when we are connected to the application on their end we get disconnected after two minutes; the ping I am using is a test which validates we are having packet loss.

debug crypto isakmp 255 & debug crypto ipsec 255 show no issues, and in ASDM I select monitoring, logging debug and view, and I don't see anything specific blocking traffic when the pings time out.

Any other ideas/suggestions appreciated!

Thanks

Cisco Employee

Re: Urgent - Site to Site VPN - sequence of reply and timed out

What application is it, and what protocol and port does it use?

New Member

Re: Urgent - Site to Site VPN - sequence of reply and timed out

It's a finance application by a company called tylerworks called munis and uses port 6400. I am sure if the ping just continued uninterrupted the application would be fine. I just need to see what is causing that interruption.

New Member

Re: Urgent - Site to Site VPN - sequence of reply and timed out

From my continued research I'm hoping it is a traffic shaping issue with one of our ISPs, but I am not sure if others might have seen this before from their ISP?

New Member

Urgent - Site to Site VPN - sequence of reply and timed out

Policing is done only to shape the b/w at ISPs.

I would check the device at the remote end, whether it has reached its threshold and its queues are full.

Cisco Employee

Urgent - Site to Site VPN - sequence of reply and timed out

It could possibly be this bug as well:

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtd36473

What version of ASA are you running?
