Cisco ASA 5510 to Cisco PIX 506E VPN Tunnel, Dropping RDP

- A
- andypatterson24
  
  Contact options for registered users
posted
16 years ago

Thu, Mar 20, 2008 2:14 AM

Hi All

I have a customer that has been using a Cisco PIX 506E to Cisco PIX

506E site-to-site VPN tunnel that I set up around 5 years ago. I have recently purchased a new Cisco ASA 5510 to replace one of the 506s. When the ASA 5510 is in place, RDP connections across the VPN tunnel to a terminal server are randomly disconnected. I have swapped the 506E back into production and the connections NEVER drop.

In an effort to troubleshoot, I downgraded the ASA 5510 to v7.23 from

8.0. Problem instantly reoccurred. I have called TAC to confirm the configuration is correct, which it is.

The other 506E is running v6.3.5.

I have plenty of other mixed VPN tunnels (v7 and v6.3.x) which have had no problems.

Could this be a bad device? or am I missing something? After I receive responses here, I may RMA the 5510.

Thanks!

- J
- jcle
  
  Contact options for registered users
Vote on answer
posted
16 years ago

Sat, Mar 22, 2008 10:18 PM

I had a similar problem where tunnels would frequently drop not to pixes but various end points I was using acls to filter traffic and applying them to the group-policy and then applying that to the tunnel- group. I fixed it but using the vpn-idle-timeout command in the group- policy. Not sure what the default of this is.

- A
- andypatterson24
  
  Contact options for registered users
Vote on answer
posted
15 years ago

Fri, Apr 25, 2008 7:41 PM

I resolved this issue three weeks ago.

On the ASA, I entered the command "timeout conn 0:0:0". Everything has been fine since.

Andy