Hi all,
We keep losing our IPsec VPN connection to a Cisco ASA (every few hours), which drops all existing connections. I’m not sure why because our logs only say:
2026-04-20 10:10:26 killing ike2 SA: My Peer Mumbai our-ip[4500]-their-ip[4500] 57f95c5a81fe9c3d:53f840fe96db411f
2026-04-20 10:10:40 new ike2 SA (I): My Peer Mumbai our-ip[4500]-their-ip[4500] 0f8bc87fd7d14b57:f81d46b4d9d19a12
2026-04-20 10:10:40 peer authorized: My Peer Mumbai our-ip[4500]-their-ip[4500] 0f8bc87fd7d14b57:f81d46b4d9d19a12
I’m not sure if this was caused by an expiring key, no response to DPD sent by us, remote side killing the SA, or something else. The time delay to renegotiate is also rather longer than I would expect (14 seconds). I’ve tried enabling logging for ipsec,debug,!packet but it’s so verbose that it’s hard to find any useful info. Remote logs (ASA) look like:
Apr 20 09:10:03 NETMUM1-FWLA01 : %ASA-7-750016: Local:their-ip:4500 Remote:our-ip:4500 Username:our-ip IKEv2 Need to send a DPD message to peer
Apr 20 09:10:17 NETMUM1-FWLA01 : %ASA-5-750007: Local:their-ip:4500 Remote:our-ip:4500 Username:our-ip IKEv2 SA DOWN. Reason: peer lost
Apr 20 09:10:17 NETMUM1-FWLA01 : %ASA-4-113019: Group = our-ip, Username = our-ip, IP = our-ip, Session disconnected. Session Type: LAN-to-LAN, Duration: 1h:26m:20s, Bytes xmt: 354098, Bytes rcv: 131744, Reason: Lost Service
Apr 20 09:10:17 NETMUM1-FWLA01 : %ASA-6-602304: IPSEC: An outbound LAN-to-LAN SA (SPI= 0x09A323D1) between their-ip and our-ip (user= our-ip) has been deleted.
Apr 20 09:10:17 NETMUM1-FWLA01 : %ASA-6-602304: IPSEC: An inbound LAN-to-LAN SA (SPI= 0xECF3EAA8) between our-ip and their-ip (user= our-ip) has been deleted.
Note that this is slightly before our side killed the SA, although I can’t guarantee that their clock is synchronized (our side is synced by NTP).
Any idea what’s happening here, please?
Thanks in advance, Chris.
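The two log excerpts in the post line up neatly if you put them on one timeline, and doing that by hand gets tedious when the drop recurs every few hours. The script below is an added example (not part of Chris's post, and not a MikroTik or Cisco tool): it parses both excerpts, tags each line with a normalised event name, and reports the three intervals a troubleshooter wants: how long the ASA waited between "Need to send a DPD message" and "SA DOWN. Reason: peer lost", how long the router was without a usable SA between "killing ike2 SA" and "peer authorized", and the raw difference between the two clocks for what is presumably the same event. The regexes, event names and the year assumed for the year-less ASA syslog timestamps (2026, matching the router log) are this example's own assumptions. Run against the lines from the post it shows a 14 s DPD-to-down interval on the ASA, a 14 s renegotiation window on the router, and a raw clock difference of 3609 s, which is consistent with a one-hour timezone difference plus about nine seconds of skew, although, as the post notes, the ASA clock may simply not be synchronised.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# Log excerpts copied from the post above; the real addresses were already
# replaced with our-ip / their-ip by the original poster.
ROUTER_LOG = """\
2026-04-20 10:10:26 killing ike2 SA: My Peer Mumbai our-ip[4500]-their-ip[4500] 57f95c5a81fe9c3d:53f840fe96db411f
2026-04-20 10:10:40 new ike2 SA (I): My Peer Mumbai our-ip[4500]-their-ip[4500] 0f8bc87fd7d14b57:f81d46b4d9d19a12
2026-04-20 10:10:40 peer authorized: My Peer Mumbai our-ip[4500]-their-ip[4500] 0f8bc87fd7d14b57:f81d46b4d9d19a12
"""

ASA_LOG = """\
Apr 20 09:10:03 NETMUM1-FWLA01 : %ASA-7-750016: Local:their-ip:4500 Remote:our-ip:4500 Username:our-ip IKEv2 Need to send a DPD message to peer
Apr 20 09:10:17 NETMUM1-FWLA01 : %ASA-5-750007: Local:their-ip:4500 Remote:our-ip:4500 Username:our-ip IKEv2 SA DOWN. Reason: peer lost
Apr 20 09:10:17 NETMUM1-FWLA01 : %ASA-4-113019: Group = our-ip, Username = our-ip, IP = our-ip, Session disconnected. Session Type: LAN-to-LAN, Duration: 1h:26m:20s, Bytes xmt: 354098, Bytes rcv: 131744, Reason: Lost Service
"""


@dataclass
class Event:
    ts: datetime
    source: str  # "router" or "asa"
    kind: str    # normalised event name, see ROUTER_KINDS / ASA_KINDS
    text: str    # message body after the timestamp / syslog prefix


# RouterOS log format: "YYYY-MM-DD HH:MM:SS message"
ROUTER_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (.*)$")
# ASA syslog format: "Mon DD HH:MM:SS host : %ASA-sev-id: message" (no year).
ASA_RE = re.compile(r"^(\w{3} \d{1,2} \d{2}:\d{2}:\d{2}) \S+ : %ASA-\d-(\d+): (.*)$")
# ASSUMPTION for this example: the ASA lines are from the same year as the router log.
ASSUMED_ASA_YEAR = 2026

# Substring -> event name for the router side (order matters: first match wins).
ROUTER_KINDS = [
    ("killing ike2 SA", "sa_killed"),
    ("new ike2 SA", "sa_new"),
    ("peer authorized", "peer_authorized"),
]
# ASA message id -> event name for the lines that matter here.
ASA_KINDS = {
    "750016": "dpd_sent",              # "Need to send a DPD message to peer"
    "750007": "sa_down",               # "IKEv2 SA DOWN"
    "113019": "session_disconnected",  # LAN-to-LAN session torn down
}


def parse_router(log: str) -> list[Event]:
    events = []
    for line in log.splitlines():
        m = ROUTER_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        kind = next((k for needle, k in ROUTER_KINDS if needle in m.group(2)), "other")
        events.append(Event(ts, "router", kind, m.group(2)))
    return events


def parse_asa(log: str, year: int = ASSUMED_ASA_YEAR) -> list[Event]:
    events = []
    for line in log.splitlines():
        m = ASA_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        events.append(Event(ts, "asa", ASA_KINDS.get(m.group(2), "other"), m.group(3)))
    return events


def first(events: list[Event], kind: str) -> Event:
    """First event of the given kind; raises if the log does not contain it."""
    for e in events:
        if e.kind == kind:
            return e
    raise ValueError(f"no '{kind}' event found")


def analyse(router_events: list[Event], asa_events: list[Event]) -> dict:
    """Return the intervals that explain a DPD-driven SA drop, in whole seconds."""
    dpd = first(asa_events, "dpd_sent")
    down = first(asa_events, "sa_down")
    killed = first(router_events, "sa_killed")
    authed = first(router_events, "peer_authorized")
    return {
        # How long the ASA waited after deciding to probe before declaring the peer lost.
        "asa_dpd_to_down_s": int((down.ts - dpd.ts).total_seconds()),
        # Outage window on the router: old SA killed until the new one is authorised.
        "router_renegotiation_s": int((authed.ts - killed.ts).total_seconds()),
        # Raw clock difference for the same event (router "killing" vs ASA "SA DOWN").
        # Includes any timezone difference as well as real skew, so only the
        # sub-hour remainder is meaningful.
        "raw_clock_offset_s": int((killed.ts - down.ts).total_seconds()),
        "asa_reason": down.text.split("Reason:")[-1].strip(),
    }


def run() -> dict:
    return analyse(parse_router(ROUTER_LOG), parse_asa(ASA_LOG))


if __name__ == "__main__":
    for key, value in run().items():
        print(f"{key}: {value}")
```

To use it on a real incident, replace the two embedded excerpts with exported logs covering several drops; if `asa_dpd_to_down_s` is consistently the ASA's DPD timeout and the router shows no matching DPD traffic in that window, the problem is on the path between the peers rather than in SA lifetimes.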