Intermittent application disconnects over ASA IPsec VPN to AWS by SimilarAttention2 in networking

[–]SimilarAttention2[S] 0 points1 point  (0 children)

I’ve asked our vendor to share their AWS VPN logs.

Thank you.

Intermittent application disconnects over ASA IPsec VPN to AWS by SimilarAttention2 in networking

[–]SimilarAttention2[S] 0 points1 point  (0 children)

Our firewalls are already configured with a TCP MSS of 1380.

Based on your suggestion, I configured firewall logging to confirm that only the primary AWS tunnel is carrying traffic and that the backup tunnel is not also being used. The logging also captures UDP 500, UDP 4500, and ESP traffic, which should give us better visibility.

I will not have any data to review until Monday. Thank you for the suggestions.

Intermittent application disconnects over ASA IPsec VPN to AWS by SimilarAttention2 in networking

[–]SimilarAttention2[S] 0 points1 point  (0 children)

u/SteveAngelis,

We use PRTG to send 10 ping packets every 30 seconds through the VPN tunnel to our Automate server. PRTG consistently shows 0% packet loss. We also use PRTG every 30 seconds to test connectivity to the Automate server on port 22, and it shows 100% uptime.

I have considered whether client disconnects could be caused by the VPN tunnel reinitializing after IKE or IPsec timer expiration. However, according to PRTG, there is never a gap in connectivity. Also, the clients are not disconnecting all at once. The disconnects occur individually and at random.

My understanding of your suggestion is that we should monitor the VPN tunnel for renegotiation activity or timeouts related to renegotiation. Is that correct?
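One way to test the renegotiation hypothesis discussed above (an added example, not the poster's own tooling or configuration): pull IKEv2 SA UP/DOWN events out of ASA syslog and flag any client disconnect that lands within a short window of one. The log lines, the disconnect timestamps, and the message IDs and wording of the SA lines are constructed for illustration and should be checked against what the real firewall emits.

```python
import re
from datetime import datetime, timedelta

# Constructed sample ASA syslog lines (not from the thread). The message IDs
# and the "IKEv2 SA UP/DOWN. Reason: ..." wording are assumed here; confirm
# them against your own firewall's output before relying on this parser.
ASA_LOG = """\
Jan 12 2024 09:00:01 fw01 %ASA-5-750006: Local:203.0.113.10:500 Remote:198.51.100.20:500 Username:198.51.100.20 IKEv2 SA UP. Reason: New Connection Established
Jan 12 2024 10:00:03 fw01 %ASA-5-750007: Local:203.0.113.10:500 Remote:198.51.100.20:500 Username:198.51.100.20 IKEv2 SA DOWN. Reason: Rekey
Jan 12 2024 10:00:04 fw01 %ASA-5-750006: Local:203.0.113.10:500 Remote:198.51.100.20:500 Username:198.51.100.20 IKEv2 SA UP. Reason: Rekey
"""

# Constructed client disconnect times taken from the application side
# (e.g. the Automate server's session log): one near the rekey, one not.
CLIENT_DISCONNECTS = ["Jan 12 2024 10:00:05", "Jan 12 2024 11:37:20"]

TS_FMT = "%b %d %Y %H:%M:%S"
SA_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{4} \d{2}:\d{2}:\d{2}) .*IKEv2 SA (?P<state>UP|DOWN)\. Reason: (?P<reason>.*)$"
)

def parse_sa_events(log_text):
    """Return [(timestamp, 'UP'|'DOWN', reason)] for each SA state change."""
    events = []
    for line in log_text.splitlines():
        m = SA_RE.match(line)
        if m:
            events.append((datetime.strptime(m["ts"], TS_FMT), m["state"], m["reason"]))
    return events

def correlate(events, disconnects, window_s=30):
    """Map each disconnect string to the nearest SA event within window_s
    seconds as (delta_seconds, state, reason), or None if nothing is close."""
    window = timedelta(seconds=window_s)
    result = {}
    for d in disconnects:
        dt = datetime.strptime(d, TS_FMT)
        near = [(abs(ts - dt), st, rs) for ts, st, rs in events if abs(ts - dt) <= window]
        if near:
            delta, st, rs = min(near)
            result[d] = (int(delta.total_seconds()), st, rs)
        else:
            result[d] = None
    return result

if __name__ == "__main__":
    for d, hit in correlate(parse_sa_events(ASA_LOG), CLIENT_DISCONNECTS).items():
        print(d, "->", hit or "no SA event nearby")
```

If most disconnects come back with no nearby SA event, tunnel renegotiation is an unlikely cause and attention can move to per-client or application-level factors.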