I had a client that had an issue that many Cisco VPN customers have. This customer has a VPN out to a cloud provider. The tunnel would come up, but the sessions would be reset across the tunnel at various times. When we would check the tunnel, the tunnel would always be up. We suspected the issue was in the re-keying of the VPN tunnel. After researching around, we found the command:
sysopt connection preserve-vpn-flows
This command allows the VPN to preserve the TCP state across the tunnel during re-keying. I added this statement to the tunnel, and it cleared up the drops the customer was having. If you have a VPN to a cloud provider from a Cisco ASA, make sure that this command is on your ASA.
Jason Howe, PEI