Hello everyone,

I was hoping someone might be able to give some advice/suggestion about this problem. I had been working with a customer who is running 2 sets of firewalls (one R80.30 single firewall) and other R80.30 cluster (a-p) and single box has site to site vpn with Cisco asa and works fine, no issues at all, but the cluster, site to site vpn tunnel with a different cisco asa, whenever they push policy to it, tunnel goes down and comes back on its own maybe 30 mins later. Weird thing is, we had them select "keep ike sas" option in global properties and also check "keep all connections" from connection persistence, but no luck.

I did not wish to have them change any supernet stuff in guidbedit, since Cisco never said they saw anything coming to their end with wrong network. Anyone seen this problem in R80.xx versions at all? When we did ike debug and zdebug, there were no drops and ike.elg when reviewed in ikeview, did not even show this specific tunnel (this was all when problem was happening). We are waiting for Cisco side to confirm whet exactly they see on their end when problem happens, but in the meantime, maybe someone can suggest something for us to try on CP side 🙂

Thanks a lot in advance!

By the way, we have tac case open now for 23 days and no good advice really came from it. Not sure if its still with 2nd level or with escalations.

Thanks!

Andy