This is very strange behavior we are observing with our IPsec tunnel. We have two sites connected with Cisco ASAs using a site-to-site VPN tunnel, as follows:
[LAN-1]---------[ASA-1]-------Internet-------[ASA-2]--------[LAN-2]
We have a Jenkins master on LAN-1 and some build slaves on LAN-2. Randomly, by chance, the VPN tunnel blips out for a few seconds, which causes Jenkins to disconnect from all slaves and disturbs running jobs (I felt like the ASA is sending RST packets when my tunnel blips out, and that is terminating all connections).
Also, if I have an SSH connection established between LAN-1 and LAN-2, that SSH connection also gets reset.
Is it possible that the Cisco ASA sends RST packets when the tunnel goes down for 10 seconds and re-initializes all SAs?
I'll throw some ideas out there.

Check the tunnel uptime. Relevant commands: `show crypto isakmp sa` and `show crypto ipsec sa peer x.x.x.x`. Is it going down for sure?

Can you replicate the issue by bouncing the tunnel? `clear crypto ipsec sa peer *x.x.x.x*`

Definitely use `sysopt connection preserve-vpn-flows`. Did you enable it on both sides or perhaps just one side?

Can you run a packet capture to check for RSTs being sent? This ideally is done on the host device but can also be done on the ASA with the `capture` command.
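
The packet-capture check suggested in the answer above, as an added example that is not part of the original thread: a Python function that reads a capture saved in classic pcap format (Ethernet link type assumed) and lists every TCP RST, flagging those whose TTL differs from the sender's other packets. The addresses, ports, timestamps and TTLs in the sample capture are constructed.

```python
import struct
from collections import defaultdict

def ip_str(b):
    return ".".join(str(x) for x in b)

def find_rsts(pcap):
    """Return (time, src, sport, dst, dport, ttl, ttl_mismatch) per TCP RST seen."""
    magic = struct.unpack("<I", pcap[:4])[0]
    if magic not in (0xA1B2C3D4, 0xD4C3B2A1):
        raise ValueError("not a classic microsecond pcap file")
    e = "<" if magic == 0xA1B2C3D4 else ">"      # byte order of the file
    if struct.unpack(e + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) is handled")
    seen_ttl, rsts, off = defaultdict(set), [], 24
    while off + 16 <= len(pcap):
        sec, usec, incl, _ = struct.unpack(e + "IIII", pcap[off:off + 16])
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                      # not IPv4 (VLAN tags not handled)
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        frag = struct.unpack("!H", ip[6:8])[0] & 0x1FFF
        if ip[9] != 6 or frag or len(ip) < ihl + 14:
            continue                      # not TCP, or no TCP header present
        src, dst, ttl = ip_str(ip[12:16]), ip_str(ip[16:20]), ip[8]
        sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
        if ip[ihl + 13] & 0x04:           # RST flag set
            rsts.append((sec + usec / 1e6, src, sport, dst, dport, ttl))
        else:
            seen_ttl[src].add(ttl)        # baseline TTLs of ordinary traffic
    # An RST whose TTL differs from the sender's other packets hints that a
    # device in the path, not the end host, generated it.
    return [r + (bool(seen_ttl[r[1]]) and r[5] not in seen_ttl[r[1]],) for r in rsts]

def _frame(src, dst, sport, dport, flags, ttl):
    # Constructed Ethernet/IPv4/TCP frame; checksums left at zero.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, ttl, 6, 0, bytes(src), bytes(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 0, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def sample_pcap():
    # Constructed capture: two ordinary ACKs of an SSH session, then an RST.
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    pkts = [(100, _frame((10, 1, 0, 5), (10, 2, 0, 9), 50000, 22, 0x10, 64)),
            (101, _frame((10, 2, 0, 9), (10, 1, 0, 5), 22, 50000, 0x10, 63)),
            (110, _frame((10, 2, 0, 9), (10, 1, 0, 5), 22, 50000, 0x14, 255))]
    return hdr + b"".join(struct.pack("<IIII", t, 0, len(f), len(f)) + f for t, f in pkts)
```

Comparing the RST timestamps against the times the tunnel dropped shows whether the resets line up with the SA re-initialization.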