We are having some VPN issues with our connection to the Cisco ASA 5520 device (v8.0).
The issue is that the VPN connection comes up when initiated from the OnPrem side, but this does not happen when initiated from Azure. If the VPN is up and running (having been initiated from the OnPrem side) we are able to send/receive traffic. But if it goes down, we have to get the enterprise folks to re-initiate it every single time.
The reason seems to be that the Cisco ASA on the OnPrem side rejects the traffic if initiated from the Azure end. The alert message comes up as:
| Field | Value |
|---|---|
| View Name | Security View |
| Date/Time | May 20 11:43:07 |
| NIC Domain | NIC |
| Site | xxxxxxxxx1 |
| Node | xxxxxxx-ES |
| Event Category | System.Errors.Config |
| Current Severity | Severe (5/5) |
| Peak Severity | Severe (5/5) |
| Peak Time | May 15 22:29:43 |
| Trend | Up (8220.29%) |
| Count | 3521 |
| Device Name | ASA |
| Device IP | 172.1xx.32.10 |
| Device Class | FIREWALL |
| Device Type | NIC Security Correlated Alerts |
| Source IP | 137.116.xxx.232 (Azure Gateway IP) |
| Source Name | |
| Source Port | |
| Destination IP | |
| Destination Name | |
| Destination Port | |
| NIC Category | System |
| Alert Category | System.Errors |
| Message ID | 713122 |
| Message Level | 0 |
| Message Text | May 20 2013 11:43:07: %ASA-3-713122: IP = 137.116.xxx.232, Keep-alives configured on but peer does not support keep-alives (type = None) |
| Alert ID | 172.1xx.32.10:63297:3239787285 |
| Correlation ID | v18c3beb5-0579-4ecf-a170-22ebf82bdb3e_c1001_CRL-00125-01_201305201145106468 |
| Correlation Message ID | CRL-00125-01 |
| Correlation Message Level | 4 |
| Correlation Message Text | Configuration Change on Security Device intercepted |
| IP Match | 0 |
| IP Addr 1 | |
| IP Count 1 | 0 |
| IP Addr 2 | |
| IP Count 2 | 0 |
| IP Addr 3 | |
| IP Count 3 | 0 |
I have also sent an email to iaasforum@microsoft.com with detailed n/w diagrams as well as VPN configuration and debug logs.
Any input on this would be highly appreciated.
Regards,
Dcd
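As an added example (not part of the original post), a small parser for the ASA syslog line format shown in the alert above, which picks out `%ASA-3-713122` events and counts them per peer so a repeatedly complaining peer stands out from the rest of the log. The log lines and IP addresses below are constructed for illustration.

```python
import re
from collections import Counter

# Matches the ASA syslog shape seen in the alert:
#   "May 20 2013 11:43:07: %ASA-3-713122: IP = a.b.c.d, <message text>"
# The "IP = ..., " prefix is optional because not every ASA message carries it.
ASA_RE = re.compile(
    r"^(?P<ts>\w{3} \d{1,2} \d{4} \d{2}:\d{2}:\d{2}): "
    r"%ASA-(?P<sev>\d)-(?P<msgid>\d{6}): "
    r"(?:IP = (?P<peer>[\d.]+), )?(?P<text>.*)$"
)

# Message ID from the alert: keep-alives configured locally, peer advertised none.
KEEPALIVE_MISMATCH = "713122"


def parse_asa_line(line):
    """Return a dict (ts, sev, msgid, peer, text) or None if the line is not ASA syslog."""
    m = ASA_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    event["sev"] = int(event["sev"])
    return event


def keepalive_mismatch_peers(lines, threshold=1):
    """Map peer IP -> number of 713122 events, keeping only peers at or above threshold."""
    counts = Counter()
    for line in lines:
        ev = parse_asa_line(line)
        if ev and ev["msgid"] == KEEPALIVE_MISMATCH and ev["peer"]:
            counts[ev["peer"]] += 1
    return {peer: n for peer, n in counts.items() if n >= threshold}


# Constructed sample log (documentation-range IPs, not the poster's addresses).
KEEPALIVE_TEXT = "Keep-alives configured on but peer does not support keep-alives (type = None)"
SAMPLE_LOG = [
    f"May 20 2013 11:43:07: %ASA-3-713122: IP = 203.0.113.232, {KEEPALIVE_TEXT}",
    "May 20 2013 11:43:09: %ASA-6-302013: Built inbound TCP connection 12345 for "
    "outside:203.0.113.5/4432 (203.0.113.5/4432) to inside:10.0.0.5/443 (10.0.0.5/443)",
    f"May 20 2013 11:43:17: %ASA-3-713122: IP = 203.0.113.232, {KEEPALIVE_TEXT}",
    f"May 20 2013 11:43:20: %ASA-3-713122: IP = 203.0.113.9, {KEEPALIVE_TEXT}",
    f"May 20 2013 11:43:27: %ASA-3-713122: IP = 203.0.113.232, {KEEPALIVE_TEXT}",
    "this line is not ASA syslog and is skipped",
]

if __name__ == "__main__":
    for peer, n in keepalive_mismatch_peers(SAMPLE_LOG, threshold=2).items():
        print(f"{peer}: {n} keep-alive mismatch events")
```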