Cisco Support Community
New Member

VPN from CISCO ASA 5530 8.3(2) to Azure reset every 1 minute

Hello, 

I have a VPN between my on-premises servers and MS Azure, and it disconnects every minute, more or less.

I have attached a debug file generated in ASDM.

192.168.213.0 is the Azure Network and 10.xx.x.x are the on premise networks.

I don't know why this is happening:

7|Jul 22 2014|14:41:21|713906|||||Ignoring msg to mark SA with dsID 255590400 dead because SA deleted
4|Jul 22 2014|14:41:21|113019|||||Group = AZ.UR.E.IP, Username = AZ.UR.E.IP, IP = AZ.UR.E.IP, Session disconnected. Session Type: IPsec, Duration: 0h:00m:58s, Bytes xmt: 4438, Bytes rcv: 7604, Reason: User Requested
5|Jul 22 2014|14:41:21|713259|||||Group = AZ.UR.E.IP, IP = AZ.UR.E.IP, Session is being torn down. Reason: User Requested

 

Any idea?
The configuration is the default configuration provided by Azure.


Thanks.

2 REPLIES
New Member

Hello,
I have finally solved the issue: it is mandatory to have the same networks on both ends.
The local networks in Azure have to be exactly the same as those in the crypto map ACL of the ASA 8.3 device,
like these lines:
access-list azure-vpn-acl extended permit ip object-group onprem-networks object-group azure-networks
crypto map OUTSIDE_map 20 match address azure-vpn-acl

My problem was the following: I had 10.50.0.0/24 in the Azure local networks and 10.50.0.50/32 in the ASA crypto map ACL, and it produced disconnections every minute.

New Member

This solution worked great

This solution worked great for us as well with an ASA 5512 running 9.3(1) firmware.  The virtual networks created in Azure didn't match up with the networks on the ASA.  Since we couldn't just delete the virtual network address space in Azure we had to completely blow away the Virtual Network in Azure using this page: 

http://fabriccontroller.net/blog/posts/solving-the-virtual-network-myvnet-is-in-use-and-cannot-be-deleted-error-when-deleting-a-windows-azure-virtual-network/

Once the network was rebuilt in Azure and the networks on the ASA and Azure matched up, the VPN stayed up longer than 60 seconds (1 minute).
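
The mismatch both replies describe can be checked before touching the tunnel. The following is an added example, not part of the original thread: it compares the literal entries of an ASA object-group with the prefixes defined as the Azure local network and reports any entry that is not an exact match, including overlapping ones such as a /32 inside a /24. The function names, the 10.60.0.0/16 network and the /24 mask on 192.168.213.0 are assumptions made for the sample.

```python
import ipaddress

def asa_group_networks(config, group):
    """Return the literal network-object entries of one ASA object-group."""
    nets, inside = set(), False
    for line in config.splitlines():
        words = line.split()
        if words[:2] == ["object-group", "network"]:
            inside = len(words) > 2 and words[2] == group
        elif inside and words[:1] == ["network-object"] and len(words) == 3:
            if words[1] == "host":
                nets.add(ipaddress.ip_network(words[2] + "/32"))
            elif words[1] != "object":   # named objects are not resolved here
                nets.add(ipaddress.ip_network(f"{words[1]}/{words[2]}"))
        elif inside and line and not line.startswith(" "):
            inside = False               # another top-level command ends the group
    return nets

def compare(asa_nets, azure_prefixes):
    """List prefixes present on only one side, with the overlapping peers."""
    azure_nets = {ipaddress.ip_network(p) for p in azure_prefixes}
    report = []
    for a in sorted(asa_nets - azure_nets):
        peers = [str(z) for z in sorted(azure_nets) if a.overlaps(z)]
        report.append(("asa-only", str(a), peers))
    for z in sorted(azure_nets - asa_nets):
        peers = [str(a) for a in sorted(asa_nets) if z.overlaps(a)]
        report.append(("azure-only", str(z), peers))
    return report

# Constructed sample: 10.50.0.50/32 and 10.50.0.0/24 come from the thread,
# 10.60.0.0/16 and the /24 mask on 192.168.213.0 are assumed.
SAMPLE_ASA = """\
object-group network onprem-networks
 network-object host 10.50.0.50
 network-object 10.60.0.0 255.255.0.0
object-group network azure-networks
 network-object 192.168.213.0 255.255.255.0
"""
AZURE_LOCAL_NETWORK = ["10.50.0.0/24", "10.60.0.0/16"]

if __name__ == "__main__":
    onprem = asa_group_networks(SAMPLE_ASA, "onprem-networks")
    for side, prefix, peers in compare(onprem, AZURE_LOCAL_NETWORK):
        print(f"{side:10} {prefix:18} overlaps: {', '.join(peers) or '-'}")
```

An empty report means the two sides list exactly the same prefixes, which is the condition the replies above identify as required.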
