Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

VPN from CISCO ASA 5530 8.3(2) to Azure reset every 1 minute


I have a VPN between my on premise servers and MS azure and it is disconnected every one minute more or less.

I have attached a debug file generated into the ASDM. is the Azure Network and 10.xx.x.x are the on premise networks.

I don´t know why this is happening:

7|Jul 22 2014|14:41:21|713906|||||Ignoring msg to mark SA with dsID 255590400 dead because SA deleted
4|Jul 22 2014|14:41:21|113019|||||Group = AZ.UR.E.IP, Username = AZ.UR.E.IP, IP = AZ.UR.E.IP, Session disconnected. Session Type: IPsec, Duration: 0h:00m:58s, Bytes xmt: 4438, Bytes rcv: 7604, Reason: User Requested
5|Jul 22 2014|14:41:21|713259|||||Group = AZ.UR.E.IP, IP = AZ.UR.E.IP, Session is being torn down. Reason: User Requested


Any idea?
The configuration is the default configuration provided by azure.


Everyone's tags (1)
New Member

Hello,Finally I solve it, is

Finally I have solved the issue, is mandatory have the same networks in both extremes.
Local networks in azure have to be exactly the same in the crypto map ACL of the ASA 8.3 device
Like these lines :
access-list azure-vpn-acl extended permit ip object-group onprem-networks object-group azure-networks
crypto map OUTSIDE_map 20 match address azure-vpn-acl

My problem was the follwing, I had in the azure local networks and into the  ASA acl cyptomap and it produced disconnections every one minute.




New Member

This solution worked great

This solution worked great for us as well with an ASA 5512 running 9.3(1) firmware.  The virtual networks created in Azure didn't match up with the networks on the ASA.  Since we couldn't just delete the virtual network address space in Azure we had to completely blow away the Virtual Network in Azure using this page:

Once the network was rebuilt in Azure and the networks on the ASA and Azure matched up, the VPN stayed up longer than 60 seconds (1 minute).

CreatePlease to create content