The issue seems to be that when the VPN times out (disconnects), the SA on the Cisco ASA says Not connected
BUT the one on the VyOS stays Active (still connected)
The Cisco ASA side re-keys (to reconnect)
And VyOS rejects as the SA on the VyOS says/is still connected
Looks like VyOS holds on to old data for quite some time. You can check the status on the Cisco side and the tunnel is down, but when you do an ipsec status command on VyOS shortly after, the VyOS side shows that the tunnel is still up (which is wrong).
How can I go about this issue to avoid multiple disconnections? Thanks
Hi Philliptk, you might want to try turning off ‘data’ rekeying on the ASA. ASA does this by default after a certain volume of data. Just make sure the lifetimes are the same but disable the SA data lifetime.
This solved a lot of ASA-VyOS issues for us.
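What the reply above amounts to in configuration, as an added example that is not part of either post: the ASA's default crypto-map entry with both a time and a volume (kilobytes) lifetime, followed by the corrected version that keeps the time lifetime, sets the volume lifetime to unlimited, and matches both Phase 1 and Phase 2 lifetimes on the VyOS side. The crypto map name OUTSIDE_MAP, the VyOS group names ESP-ASA and IKE-ASA, the peer addresses 203.0.113.1/203.0.113.2 and the lifetime values are placeholders, and the ASA syntax shown is the 8.4+/9.x `crypto ikev1` form (older images use `crypto isakmp policy`). The DPD lines are an addition beyond the reply, so that VyOS detects a dead ASA and drops its stale SA instead of reporting the tunnel as still up.

```text
! ---- Cisco ASA ----
! Before (ASA defaults): time lifetime plus a 4,608,000 KB volume lifetime.
! The volume rekey fires on its own schedule and races the VyOS side.
crypto map OUTSIDE_MAP 10 set security-association lifetime seconds 3600
crypto map OUTSIDE_MAP 10 set security-association lifetime kilobytes 4608000
!
! After: keep the time-based lifetime, disable the data (volume) lifetime.
crypto map OUTSIDE_MAP 10 set security-association lifetime seconds 3600
crypto map OUTSIDE_MAP 10 set security-association lifetime kilobytes unlimited
! Same setting globally, for any crypto map entry without its own value.
crypto ipsec security-association lifetime kilobytes unlimited
! Phase 1 lifetime must equal the VyOS ike-group lifetime below.
crypto ikev1 policy 10
 lifetime 28800
! Keepalives so the ASA tears its SAs down when the peer stops answering.
tunnel-group 203.0.113.2 ipsec-attributes
 isakmp keepalive threshold 10 retry 2

# ---- VyOS ----
# Phase 2 lifetime equal to the ASA 'seconds' value.
# VyOS exposes only a time-based Phase 2 lifetime here, so nothing to disable.
set vpn ipsec esp-group ESP-ASA lifetime '3600'
# Phase 1 lifetime equal to the ASA ikev1 policy lifetime.
set vpn ipsec ike-group IKE-ASA lifetime '28800'
# Dead-peer detection: restart the tunnel instead of holding the stale SA.
set vpn ipsec ike-group IKE-ASA dead-peer-detection action 'restart'
set vpn ipsec ike-group IKE-ASA dead-peer-detection interval '30'
set vpn ipsec ike-group IKE-ASA dead-peer-detection timeout '120'
set vpn ipsec site-to-site peer 203.0.113.1 ike-group 'IKE-ASA'
set vpn ipsec site-to-site peer 203.0.113.1 tunnel 1 esp-group 'ESP-ASA'
commit
save
```

To confirm the two sides agree, compare the lifetime shown by `show crypto ipsec sa` on the ASA with `show vpn ipsec sa` on VyOS after the tunnel comes up; if VyOS is still showing an SA the ASA has already dropped, `reset vpn ipsec-peer 203.0.113.1` clears it so the next ASA-initiated negotiation is accepted rather than rejected against the stale entry.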