Sometimes the first Phase1 rekey process is working (without losing old Phase2 SAs) and the only difference in the whole rekey process is in flags in logs:

Pings are running from ASA's local subnet host to Checkpoint's local subnet host every 60 seconds to keep the connection running.

Phase 1 and Phase 2 idle timers were set to the same values at both ends.

Currently we use 14400s for Phase s for Phase2 and this issue appears every 3 hours (75% of max idle time).

VPN is establishing without any problems with initialization traffic from both local sites.

But when it comes to rekeying Phase 1 (ASA is the initiator of the rekeying process) then:

1. New PHASE 1 rekey process is established properly.
2. ASA sends a message to CHECKPOINT to delete old Phase 1 SAs.
3. Checkpoint answers to ASA to also delete old Phase 2 SAs, and here is the problem.
4. ASA receives this message and deletes old Phase 2 SAs.
5. PHASE 2 is created from the beginning, but current TCP connections between local sites are dropped.

We have an issue with VPN l2l dropping after the PHASE 1 rekeying process.