We currently have 15 customer support agents working from home. The setup they have is an RV180 small business VPN router at the agent's home, connected to a cable modem on our plant (we are a cable company/ISP). The RV180 has an IPSec site-to-site VPN back to the corporate office's ASA5520. Randomly, the RV180 will initiate a Phase I rekey, and for some reason the RV180 and ASA5520 can no longer communicate. I know the cable modem connection is not dropping, as I can get into the agent router from the corporate office. After 15-20 minutes, the RV180 does another rekey and everything comes up. I have RV180s on 220.127.116.11 and 18.104.22.168 firmware that both do this. The ASA is running 8.3(2).
Anyone seen this before? I'm considering an update to the ASA OS, but I have no idea if that will take care of it. I have also seen the two rebuild the tunnel with no errors, but not pass traffic until another rekey happens.
I wound up opening a ticket for this. The Small Business support people said that the VPN settings need to match exactly, or the RV180 would have trouble connecting. I modified the lifetimes on the RV180 side to match the 86400/28800 defaults that are on the ASA, and for a while it seemed to work. After upgrading the ASA to 9.1(4), the problem seems to have returned - the traffic stops flowing randomly after a rekey. I have another ticket open for that as well, but no resolution so far.
I'm thinking it has to do with the kb lifetime setting that is default on the ASA. In the RV180, you have either a timed lifetime, or a kb lifetime, but not both. In the ASA, you have both, and there doesn't seem to be any way of turning off the kb lifetime on the ASA.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log in using the username and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside interface with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...