Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

VPN not rekeying correctly

We currently have 15 customer support agents working from home.  The setup they have is an RV180 small business VPN router at the agent's home, connected to a cable modem on our plant (we are a cable company/ISP).  The RV180 has an IPSec site-to-site VPN back to the corporate office's ASA5520.  Randomly, the RV180 will intiate a Phase I rekey, and for some reason the RV180 and ASA5520 can no longer communicate.  I know the cable modem connection is not dropping, as I can get into the agent router from the corporate office.  After 15-20 minutes, the RV180 does another rekey and everything comes up.  I have RV180s on and firmware that both do this.  The ASA is running 8.3(2).

Anyone seen this before?  I'm considering an update to the ASA OS, but I have no idea if that will take care of it.  I have also seen the two rebuild the tunnel with no errors, but not pass traffic until another rekey happens.

Community Member

VPN not rekeying correctly

Same problem here:

ASA 5510 Version: 8.4

RV180 Version:

Community Member

VPN not rekeying correctly

I wound up opening a ticket for this.  The Small Business support people said that the VPN settings need to match exactly, or the RV180 would have trouble connecting.  I modified the lifetimes on the RV180 side to match the 86400/28800 defaults that are on the ASA, and for a while it seemed to work.  After upgrading the ASA to 9.1(4), the problem seems to have returned - the traffic stops flowing randomly after a rekey.  I have another ticket open for that as well, but no resolution so far.

I'm thinking it has to do with the kb lifetime setting that is default on the ASA.  In the RV180, you have either a timed lifetime, or a kb lifetime, but not both.  In the ASA, you have both, and there doesn't seem to be any way of turning off the kb lifetime on the ASA.

CreatePlease to create content