ASA VPN Disconnections 1

[jrmann1999]

I have about 25 offices setup with Site-to-Site tunnels to a Cisco ASA 5510. The 25 offices use mainly 1800 series routers(1811W mostly).

Every office experiences multiple disconnects every day, where the VPN appears to drop and restart instantaneously.

Each location runs Citrix to a server off the ASA 5510 DMZ port, all the citrix sessions drop whenever a VPN hiccup occurs.

Is there any guidance on how I can troubleshoot or diagnose this? I know the VPNs are setup with the default rekeying options(8 hours or a certain number of bytes), and whenever I'm on the ASA I see it rekey almost instantly, but nevertheless the sessions drop on the Citrix server.

I used to think it was NAT, but it's not a NAT issue(since nat isn't actually ocurring).

I used to terminate the connections to an 1841 router, but the CPU was running at 80% so it was advised that we move those VPN connections to the ASA instead of the 1841 router. When they were on the 1841 there was hardly ever a drop, and when it did happen it was very random(unlike the daily multiple drops each location sees).

It seems traffic related, most sites with heavy traffic volumes across the VPN drop more often. Their backhaul are all T1 links, and the T1 is NOT dropping, I've verified that much on a router.

 

[jrmann1999]

Solved my own issue, the far end routers(1800 series) were rekeying every 3600 seconds. The ASA profile was set to 28800 seconds, but the far end routers overrode it(Debugging on the ASA helped with this) IN my VPN profile I reset the keying to 28800 on the far end 1800 series routers and now the vpn tunnels are stable.

 

[maczen]

jrmann1999,
Thanks for posting your solution and helping out the community!

Star! For answering your own question.. LoL

B Haines
CCNA R&S, ETA FOI