


Cisco ASA 5510 to Cisco PIX 506E VPN Tunnel, Dropping RDP

Hi All

I have a customer that has been using a Cisco PIX 506E to Cisco PIX
506E site-to-site VPN tunnel that I set up around 5 years ago.  I have
recently purchased a new Cisco ASA 5510 to replace one of the 506s.
When the ASA 5510 is in place, RDP connections across the VPN tunnel
to a terminal server are randomly disconnected.  I have swapped the
506E back into production and the connections NEVER drop.

In an effort to troubleshoot, I downgraded the ASA 5510 to v7.23 from
8.0.  Problem instantly reoccurred.  I have called TAC to confirm the
configuration is correct, which it is.

The other 506E is running v6.3.5.

I have plenty of other mixed VPN tunnels (v7 and v6.3.x)  which have
had no problems.

Could this be a bad device, or am I missing something?  After I
receive responses here, I may RMA the 5510.

Thanks!
andypatterson24
3/20/2008 2:14:20 AM
comp.dcom.sys.cisco


On Mar 19, 10:14 pm, andypatterson24 <andypatterso...@gmail.com>
wrote:
> Hi All
>
> I have a customer that has been using a Cisco PIX 506E to Cisco PIX
> 506E site-to-site VPN tunnel that I set up around 5 years ago.  I have
> recently purchased a new Cisco ASA 5510 to replace one of the 506s.
> When the ASA 5510 is in place, RDP connections across the VPN tunnel
> to a terminal server are randomly disconnected.  I have swapped the
> 506E back into production and the connections NEVER drop.
>
> In an effort to troubleshoot, I downgraded the ASA 5510 to v7.23 from
> 8.0.  Problem instantly reoccurred.  I have called TAC to confirm the
> configuration is correct, which it is.
>
> The other 506E is running v6.3.5.
>
> I have plenty of other mixed VPN tunnels (v7 and v6.3.x)  which have
> had no problems.
>
> Could this be a bad device, or am I missing something?  After I
> receive responses here, I may RMA the 5510.
>
> Thanks!

I had a similar problem where tunnels would frequently drop, not to
PIXes but to various endpoints.  I was using ACLs to filter traffic,
applying them to the group-policy and then applying that to the
tunnel-group.  I fixed it by using the vpn-idle-timeout command in the
group-policy.  Not sure what the default of this is.
jcle
3/22/2008 10:18:44 PM

I resolved this issue three weeks ago.

On the ASA, I entered the command "timeout conn 0:0:0".  Everything
has been fine since.

Andy
andypatterson24
4/25/2008 7:41:32 PM