We have a VPN tunnel b/w a CheckPoint and a Cisco ASA. The tunnel is up and working, but almost every day around noon I get the following messages and the tunnel breaks and reforms successfully. Phase 1 is set on both sides at 1440min/86400 seconds; phase 2 is set on both sides to 3600. It sounds like the tunnel is just terminating at the end of the phase 1 lifetime, but people are using the tunnel and report that their sessions break, so I'm confused. Any ideas/help would be appreciated. Thank you.
713041 IP=188.8.131.52, IKE Initiator: Rekeying Phase 1,Intf Internet, IKE Peer 184.108.40.206, local Proxy Address N/A, remote Proxy Address N/A, Crypto map N/A
713903 Group=220.127.116.11, IP=18.104.22.168, Freeing previously allocated memory for authorization-dn-attributes
Were you able to find a solution? I have the same problem between Windows 2003 and an ASA. I have noticed that it drops at 75% of the phase 1 time. If I set it to 8hrs, it breaks at 6hrs; if I set it to 4hrs, it breaks at 3hrs; if I set it to 20 minutes, it breaks at 15 minutes. Like clockwork.
Users were reporting their sessions were breaking. I looked at the logs from the ASA and, based on the messages (like "PHASE 1 Completed"), I assumed the tunnel was breaking and then reforming, and that's what was causing the session disconnect. Speaking further with the users, I found that some sessions did not get disconnected, but this one Oracle app always did. So I had the user send the screenshot of the error that she received when her session broke. I googled it and found a timeout issue caused by a parameter in a *.ora file. I had the DBA change the parameter to see if it resolved the user's issue, and as far as I know, it did. I don't work that closely with Cisco, so perhaps the messages I thought indicated a break in the tunnel actually were just normal messages. I just know the user is no longer complaining of session disruptions. Good luck ... I hope you find an answer to your issue.