Continuous IPSec VPN interruptions
Greetings Comcast Community Gods/Goddesses!
One of my locations has continuous random VPN drops. Please allow me to divulge an overview of my network setup:
I run LAN-to-LAN VPNs over Comcast's network on both sides:
- Corp Office has 20/20 Comcast Ethernet w/Static IP with a Cisco ASA5516-x
- 14 Remote Locations with 15/3 Comcast Business w/Static IP with Cisco RV325
The drops are not on any schedule so it's not a key lifetime issue as drops can occur within 5 minutes of each other or 12 hours and it only drops for less than a minute. The local network isn't being overutilized as there's just 6 network devices that are in a very low traffic business. I've replaced the firewall on both ends (Corp was on an ASA5510 and my remote was a Netgear) and the VPN drops occurred the same before and after equipment changes. I've had Cisco TAC support investigate both sides and they confirmed 100% the issue is not my hardware or software configurations.
This has been going on for years since we had our remote location installed with the service but Comcast support has not helped me other than putting in a new used modem (went from SMC to the Cisco DPC3939) as they state they do not support VPN over their network. The Gateway modem is bridged and set up the same as all my other locations and none are problematic besides this particular one. The Gateway modem shows it remains online while the VPN drops so Comcast simply uses this to say there's no issue with the service but I really think it's dropping packets or going down for just a few seconds, enough to force the VPN tunnel to drop and rebuild.
I'm about to pull the plug with my Comcast service for either a DSL or T1 connection as I need reliability but thought I'd reach out on here before proceeding. Does anyone have any suggestions?
Thank you
Robstarusa
8 years ago
I have had this same issue pop up in the last 4 weeks.
My VPN bounces CONSTANTLY. I have complaints from 5 users (who live within 30-50 miles of me) with the SAME ISSUE & same symptoms. Some on business like me, some on consumer broadband. This has literally worked FOR YEARS flawlessly. I'd love to find out what has changed. People on other internet providers are not having issues.
Robstarusa
8 years ago
I have this same issue but I found a workaround!
My setup:
Cisco ASA 5505 -> cable modem (Netgear CG3000DCR) -> internet. Cable modem does the "NAT" for my connection. VPN drops multiple times per day. I have a /29 static IP block, so if the cable modem sees "non-routable IPs" it does the natting. This causes the issue.
The key is: DON'T LET THE CABLE MODEM DO THE NATTING.
Solution 1 (for those of you with static IPs):
Cisco ASA 5505 -> Edgerouter Lite -> cable modem (CG3000DCR)
Edgerouter Lite does the natting for the ASA 5505 "outside" interface. Edgerouter Lite has a static IP assigned so the cable modem doesn't do anything except bridge traffic:
Solution 2 (for those of you with dynamic IPs -- should work but untested):
Cisco ASA 5505 -> cable modem (CG3000DCR)
Cable modem is put into "bridge mode" (contact Comcast reps here to do this for you) and the ASA outside interface requests a dynamic IP. Should work.
I started to experience this and within the next week I had 4 other people at the office having the same problem.
Are you guys in the greater Chicago Metro area as well?