jrmann1999
Technical User
I have about 25 offices setup with Site-to-Site tunnels to a Cisco ASA 5510. The 25 offices use mainly 1800 series routers(1811W mostly).
Every office experiences multiple disconnects every day, where the VPN appears to drop and restart instantaneously.
Each location runs Citrix to a server off the ASA 5510 DMZ port, all the citrix sessions drop whenever a VPN hiccup occurs.
Is there any guidance on how I can troubleshoot or diagnose this? I know the VPNs are setup with the default rekeying options(8 hours or a certain number of bytes), and whenever I'm on the ASA I see it rekey almost instantly, but nevertheless the sessions drop on the Citrix server.
I used to think it was NAT, but it's not a NAT issue(since nat isn't actually ocurring).
I used to terminate the connections to an 1841 router, but the CPU was running at 80% so it was advised that we move those VPN connections to the ASA instead of the 1841 router. When they were on the 1841 there was hardly ever a drop, and when it did happen it was very random(unlike the daily multiple drops each location sees).
It seems traffic related, most sites with heavy traffic volumes across the VPN drop more often. Their backhaul are all T1 links, and the T1 is NOT dropping, I've verified that much on a router.
Every office experiences multiple disconnects every day, where the VPN appears to drop and restart instantaneously.
Each location runs Citrix to a server off the ASA 5510 DMZ port, all the citrix sessions drop whenever a VPN hiccup occurs.
Is there any guidance on how I can troubleshoot or diagnose this? I know the VPNs are setup with the default rekeying options(8 hours or a certain number of bytes), and whenever I'm on the ASA I see it rekey almost instantly, but nevertheless the sessions drop on the Citrix server.
I used to think it was NAT, but it's not a NAT issue(since nat isn't actually ocurring).
I used to terminate the connections to an 1841 router, but the CPU was running at 80% so it was advised that we move those VPN connections to the ASA instead of the 1841 router. When they were on the 1841 there was hardly ever a drop, and when it did happen it was very random(unlike the daily multiple drops each location sees).
It seems traffic related, most sites with heavy traffic volumes across the VPN drop more often. Their backhaul are all T1 links, and the T1 is NOT dropping, I've verified that much on a router.
