VPN goes down intermittently for one or more locations

Guest

Post by Guest »

Hi,

We are facing a major issue of the VPN tunnel going down very often. I have 7 Site-2-Site VPN connections; this works fine for some days and then suddenly the VPN tunnel goes down intermittently for one or a few locations, and I need to clear the isakmp sa for that specific tunnel to come up.

When the tunnel goes down, the VPN phase 1 status is:

    6   IKE Peer: 125.18.0.38
        Type    : L2L             Role    : initiator
        Rekey   : yes             State   : MM_ACTIVE_REKEY
    7   IKE Peer: 125.18.0.38
        Type    : L2L             Role    : responder
        Rekey   : no              State   : MM_REKEY_DONE_H2

After clearing phase 1 for the specific tunnel, the VPN tunnel comes up:

    7   IKE Peer: 125.18.0.38
        Type    : L2L             Role    : responder
        Rekey   : no              State   : MM_ACTIVE

    CINBLR01-SQDR-FIREWALL-00002# sh version

    Cisco Adaptive Security Appliance Software Version 8.04
    Device Manager Version 6.1(5)

    Compiled on Thu 07-Aug-08 20:53 by builders
    System image file is "disk0:/asa804-k8.bin"
    Config file at boot was "startup-config"

    CINBLR01-SQDR-FIREWALL-00002 up 1 day 17 hours

    Hardware:   ASA5510-K8, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz
    Internal ATA Compact Flash, 256MB
    BIOS Flash M50FW080 @ 0xffe00000, 1024KB

    Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                                 Boot microcode   : CN1000-MC-BOOT-2.00
                                 SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                                 IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.05
     0: Ext: Ethernet0/0         : address is 001b.0c38.d232, irq 9
     1: Ext: Ethernet0/1         : address is 001b.0c38.d233, irq 9
     2: Ext: Ethernet0/2         : address is 001b.0c38.d234, irq 9
     3: Ext: Ethernet0/3         : address is 001b.0c38.d235, irq 9
     4: Ext: Management0/0       : address is 001b.0c38.d231, irq 11
     5: Int: Not used            : irq 11
     6: Int: Not used            : irq 5

    Licensed features for this platform:
    Maximum Physical Interfaces  : Unlimited
    Maximum VLANs                : 100
    Inside Hosts                 : Unlimited
    Failover                     : Active/Active
    VPN-DES                      : Enabled
    VPN-3DES-AES                 : Enabled
    Security Contexts            : 2
    GTP/GPRS                     : Disabled
    VPN Peers                    : 250
    WebVPN Peers                 : 2
    AnyConnect for Mobile        : Disabled
    AnyConnect for Linksys phone : Disabled
    Advanced Endpoint Assessment : Disabled
    UC Proxy Sessions            : 2

    This platform has an ASA 5510 Security Plus license.

Please suggest a permanent fix for this.

Regards,
Narendra
Guest

Re: VPN goes down intermittently for one or more locations

Post by Guest »

Hi,

Looks like you have PFS enabled in the tunnel configuration. Please remove the PFS configuration.

Regards,
Anisha

P.S.: Please mark this post as answered if you feel your query is answered. Do rate helpful posts.
Guest

Re: VPN goes down intermittently for one or more locations

Post by Guest »

Hi Anisha Damani,

Yes, the moment we removed PFS on both boxes the VPN tunnel is up. But after some time we again notice the VPN tunnel goes down intermittently. Please help us understand in detail what the cause would be and how PFS is correlated with this issue.
Guest

Re: VPN goes down intermittently for one or more locations

Post by Guest »

Hi,

From the original post I see that there was a rekey happening. It happens because of the PFS. PFS ensures that each new cryptographic key is unrelated to any previous key. Details of the command are:
http://www.cisco.com/en/US/docs/securit ... #wp1881397

Hope this helps.

Regards,
Anisha

-Do rate helpful posts.
Guest

Re: VPN goes down intermittently for one or more locations

Post by Guest »

Thx for the update and appreciate your support on this..  Hope this will resolve my VPN issue & let me not revert on VPN going down once again thx...
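
An added example, not part of the thread or of any poster's code: a small Python check that parses phase 1 status output in the format pasted in the original post and flags peers that have more than one phase 1 SA or an SA not in MM_ACTIVE. The function names, the third sample entry (192.0.2.10) and the rule that only MM_ACTIVE counts as settled are assumptions; a rekey in progress shows these states briefly, so a finding only matters if it persists across polls.

```python
import re
from collections import defaultdict

# Constructed sample: first two entries mirror the post, the third is invented.
SAMPLE = """\
6   IKE Peer: 125.18.0.38
    Type    : L2L             Role    : initiator
    Rekey   : yes             State   : MM_ACTIVE_REKEY
7   IKE Peer: 125.18.0.38
    Type    : L2L             Role    : responder
    Rekey   : no              State   : MM_REKEY_DONE_H2
8   IKE Peer: 192.0.2.10
    Type    : L2L             Role    : responder
    Rekey   : no              State   : MM_ACTIVE
"""

ENTRY = re.compile(r"^\s*(\d+)\s+IKE Peer:\s*(\S+)", re.M)
FIELD = re.compile(r"(Type|Role|Rekey|State)\s*:\s*(\S+)")

def parse_sas(text):
    """Split the listing into one dict per phase 1 SA."""
    sas, matches = [], list(ENTRY.finditer(text))
    for i, m in enumerate(matches):
        end = matches[i + 1].start() if i + 1 < len(matches) else len(text)
        sa = {"index": int(m.group(1)), "peer": m.group(2)}
        sa.update({k.lower(): v for k, v in FIELD.findall(text[m.end():end])})
        sas.append(sa)
    return sas

def stuck_peers(sas):
    """Return {peer: [reasons]} for peers whose phase 1 is not cleanly MM_ACTIVE."""
    by_peer = defaultdict(list)
    for sa in sas:
        by_peer[sa["peer"]].append(sa)
    findings = {}
    for peer, entries in by_peer.items():
        reasons = []
        if len(entries) > 1:  # initiator and responder SA for the same peer
            reasons.append(f"{len(entries)} phase 1 SAs for one peer")
        for sa in entries:
            if sa.get("state") != "MM_ACTIVE":  # assumption: main mode only
                reasons.append(f"SA {sa['index']} ({sa.get('role')}) in {sa.get('state')}")
        if reasons:
            findings[peer] = reasons
    return findings

if __name__ == "__main__":
    for peer, reasons in stuck_peers(parse_sas(SAMPLE)).items():
        print(peer, "->", "; ".join(reasons))
```
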