Cisco ASA 5510 to Cisco PIX 506E VPN Tunnel, Dropping RDP

Discussion in 'Cisco' started by andypatterson24, Mar 20, 2008.

  1. Hi All

    I have a customer that has been using a Cisco PIX 506E to Cisco PIX
    506E site-to-site VPN tunnel that I set up around 5 years ago. I have
    recently purchased a new Cisco ASA 5510 to replace one of the 506s.
    When the ASA 5510 is in place, RDP connections across the VPN tunnel
    to a terminal server are randomly disconnected. I have swapped the
    506E back into production and the connections NEVER drop.

    In an effort to troubleshoot, I downgraded the ASA 5510 to v7.23 from
    8.0. Problem instantly reoccurred. I have called TAC to confirm the
    configuration is correct, which it is.

    The other 506E is running v6.3.5.

    I have plenty of other mixed VPN tunnels (v7 and v6.3.x) which have
    had no problems.

    Could this be a bad device? or am I missing something? After I
    receive responses here, I may RMA the 5510.

    Thanks!
     
    andypatterson24, Mar 20, 2008
    #1
    1. Advertising

  2. andypatterson24

    jcle Guest

    On Mar 19, 10:14 pm, andypatterson24 <>
    wrote:
    > Hi All
    >
    > I have a customer that has been using a Cisco PIX 506E to Cisco PIX
    > 506E site-to-site VPN tunnel that I set up around 5 years ago.  I have
    > recently purchased a new Cisco ASA 5510 to replace one of the 506s.
    > When the ASA 5510 is in place, RDP connections across the VPN tunnel
    > to a terminal server are randomly disconnected.  I have swapped the
    > 506E back into production and the connections NEVER drop.
    >
    > In an effort to troubleshoot, I downgraded the ASA 5510 to v7.23 from
    > 8.0.  Problem instantly reoccurred.  I have called TAC to confirm the
    > configuration is correct, which it is.
    >
    > The other 506E is running v6.3.5.
    >
    > I have plenty of other mixed VPN tunnels (v7 and v6.3.x)  which have
    > had no problems.
    >
    > Could this be a bad device? or am I missing something?  After I
    > receive responses here, I may RMA the 5510.
    >
    > Thanks!


    I had a similar problem where tunnels would frequently drop not to
    pixes but various end points I was using acls to filter traffic and
    applying them to the group-policy and then applying that to the tunnel-
    group. I fixed it but using the vpn-idle-timeout command in the group-
    policy. Not sure what the default of this is.
     
    jcle, Mar 22, 2008
    #2
    1. Advertising

  3. I resolved this issue three weeks ago.

    On the ASA, I entered the command "timeout conn 0:0:0". Everything
    has been fine since.

    Andy
     
    andypatterson24, Apr 25, 2008
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Replies:
    0
    Views:
    11,717
  2. Tilman Schmidt
    Replies:
    0
    Views:
    3,406
    Tilman Schmidt
    Jan 24, 2008
  3. Tilman Schmidt
    Replies:
    5
    Views:
    19,567
    Lutz Donnerhacke
    Feb 18, 2008
  4. Igor Mamuziæ aka Pseto
    Replies:
    0
    Views:
    1,152
    Igor Mamuziæ aka Pseto
    Jan 6, 2010
  5. Igor Mamuziæ aka Pseto
    Replies:
    0
    Views:
    1,172
    Igor Mamuziæ aka Pseto
    Jan 6, 2010
Loading...

Share This Page