VyOS <-> Cisco ASA IPsec VPN disconnections

The issue seems to be that when the VPN times out (disconnects), the SA on the Cisco ASA says Not connected,
BUT the one on the VyOS stays Active (still connected).
The Cisco ASA side re-keys (to reconnect),
and VyOS rejects it, as the SA on the VyOS says/is still connected.

Looks like VyOS holds on to old data for quite some time. You can check the status on the Cisco side and the tunnel is down, but when you do an ipsec status command on VyOS shortly after, the VyOS side shows that the tunnel is still up (which is wrong).

How can I go about this issue to avoid multiple disconnections? Thanks

What version? I had similar issues before 1.2.6 LTS.

My VyOS version is VyOS 1.3-rolling

How did you go about that issue?

Well, I had 1.2.3 something, and it was solved when I went to 1.2.6. I cannot remember the exact bug or task# unfortunately.

I have implemented Dead Peer Detection and set action to ‘restart’. But I am still having some small disconnections. Any help?

Hi Philliptk, you might want to try turning off ‘data’ rekeying on the ASA. ASA does this by default after a certain volume of data. Just make sure the lifetimes are the same but disable the SA data lifetime.
This solved a lot of ASA-VyOS issues for us.
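
The settings discussed in this thread, written out as an added configuration sketch that is not part of any post above: matching time-based lifetimes on both ends, the ASA volume-based rekey disabled, and DPD with action restart on VyOS. The crypto map name and sequence, the VyOS group names and the numeric lifetime and DPD values are assumptions made for the sketch, and it assumes an ASA release that accepts the `unlimited` keyword.

```text
! --- Cisco ASA (OUTSIDE_MAP / sequence 10 are hypothetical names) ---
! Keep the time-based IPsec SA lifetime, matching the VyOS esp-group below
crypto map OUTSIDE_MAP 10 set security-association lifetime seconds 3600
! Turn off the volume-based (data) rekey for this tunnel
crypto map OUTSIDE_MAP 10 set security-association lifetime kilobytes unlimited

# --- VyOS (IKE-ASA / ESP-ASA are hypothetical group names) ---
# Same IPsec SA lifetime in seconds as the ASA crypto map entry (constructed value)
set vpn ipsec esp-group ESP-ASA lifetime 3600
# Dead Peer Detection with action 'restart', as tried earlier in the thread
# (interval and timeout are constructed values)
set vpn ipsec ike-group IKE-ASA dead-peer-detection action restart
set vpn ipsec ike-group IKE-ASA dead-peer-detection interval 30
set vpn ipsec ike-group IKE-ASA dead-peer-detection timeout 120

# Compare SA state on both ends after the change:
#   ASA:  show crypto ipsec sa
#   VyOS: show vpn ipsec sa
```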