georgechyo
just joined
Topic Author
Posts: 9
Joined: Thu Dec 20, 2012 1:56 pm

IPsec Site-to-Site VPN, Mikrotik/Cisco

Thu Dec 20, 2012 2:11 pm

Hello,
I'm new here and hope my topic is in the right place :)
Now about my problem: I have a working tunnel between a Cisco ASA and a MikroTik. Everything's fine while the internet connection is stable, but when it's not, the tunnel hangs up. I think that DPD (Dead Peer Detection) does not work.
When I disconnect the router from the internet, remote peers and installed SAs are not deleted after the specified time (10 seconds, 2 failures).
I hope I can find a solution here :)
 
georgechyo
just joined
Topic Author
Posts: 9
Joined: Thu Dec 20, 2012 1:56 pm

Re: IPsec Site-to-Site VPN, Mikrotik/Cisco

Sun Dec 23, 2012 9:28 am

anybody? :(
 
NicholasMag
just joined
Posts: 19
Joined: Thu Dec 20, 2012 10:21 pm

Re: IPsec Site-to-Site VPN, Mikrotik/Cisco

Sun Dec 23, 2012 11:19 pm

Need a bit more detail about your network topology and the settings on the MikroTik.

To clarify, when Internet is stable, the vpn works great? But when internet is unstable you have connection errors?

Are these clients creating the vpn connection through the wan or lan side?
 
georgechyo
just joined
Topic Author
Posts: 9
Joined: Thu Dec 20, 2012 1:56 pm

Re: IPsec Site-to-Site VPN, Mikrotik/Cisco

Tue Dec 25, 2012 10:05 am

NicholasMag,
here is the configuration:
# dec/25/2012 11:44:25 by RouterOS 6.0rc5
# software id = 74EE-08TE
#
# Phase 2 proposal used by the policy below
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=md5 enc-algorithms=aes-128 lifetime=\
    1d pfs-group=none

# Phase 1 peer (the Cisco ASA side); DPD probes every 10s, gives up after 2 failures
/ip ipsec peer
add address=x.x.x.x/32 dpd-interval=10s dpd-maximum-failures=2 \
    enc-algorithm=aes-128 secret="#####"

# Tunnel-mode policy selecting the traffic to protect between the two sites
/ip ipsec policy
add dst-address=192.168.0.0/16 level=unique sa-dst-address=x.x.x.x \
    sa-src-address=x.x.x.x src-address=192.168.254.2/32 tunnel=yes
The problem is in DPD (dead peer detection): when the internet goes off, the remote peer (Cisco site) removes the connection and deletes the installed SAs, but the MikroTik side doesn't delete the connection and SAs; they still exist. So when the internet connection is restored, MikroTik tries to use the old SAs, which no longer exist on the remote site.

I turned off keepalives on the Cisco, so the tunnel stays in the up state even when there is no internet connection, but that's not a solution.
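The behaviour the thread expects from DPD is the RFC 3706 exchange: a peer that has outbound traffic but has heard nothing from the far side for dpd-interval sends R-U-THERE, retries on timeout, and after dpd-maximum-failures unanswered probes deletes its SAs. The simulation below is an added illustration, not code from the thread, MikroTik or Cisco; the peer names, the one-second tick, the link model and the "no outbound traffic" case are constructed assumptions. It uses the 10 s / 2 failures values from the posted peer config and shows the tick at which each side should drop its SAs, plus the RFC 3706 caveat worth checking in a setup like this: a side that sends no traffic of its own never probes, so it never notices the far side is gone and keeps stale SAs.

```python
"""Simulation of RFC 3706 Dead Peer Detection (DPD) between two IKE peers.

Added example for illustration only (not MikroTik/Cisco code). Peer names,
the 1-second tick and the link model are constructed for the example.
"""
from dataclasses import dataclass, field

RUTHERE, ACK = "R-U-THERE", "R-U-THERE-ACK"


@dataclass
class Peer:
    name: str
    dpd_interval: int          # seconds of inbound silence before probing
    max_failures: int          # unanswered probes before the peer is declared dead
    sas: set = field(default_factory=lambda: {"ike-sa", "ipsec-sa"})
    last_rx: int = 0           # time of the last authenticated inbound packet
    last_probe: int = -1       # time the outstanding R-U-THERE was sent (-1 = none)
    failures: int = 0
    log: list = field(default_factory=list)

    def alive(self) -> bool:
        return bool(self.sas)


def send(src: Peer, dst: Peer, msg: str, now: int, link_up: bool) -> None:
    """Deliver a DPD message over the (possibly failed) link."""
    src.log.append(f"t={now} {src.name} -> {dst.name}: {msg}")
    if msg == RUTHERE:
        src.last_probe = now
    if not link_up or not dst.alive():
        return                  # lost: link down or far side already tore down
    dst.last_rx = now
    if msg == RUTHERE:
        send(dst, src, ACK, now, link_up)   # responder answers immediately
    else:
        dst.failures = 0        # ACK arrived: the far side is alive
        dst.last_probe = -1


def step(peer: Peer, other: Peer, now: int, link_up: bool, has_outbound: bool) -> None:
    """One 1-second DPD tick for `peer` (RFC 3706 section 5 logic)."""
    if not peer.alive():
        return
    if peer.last_probe < 0:
        # RFC 3706: probe only when we have traffic to send and the far side
        # has been silent for dpd_interval seconds.
        if has_outbound and now - peer.last_rx >= peer.dpd_interval:
            send(peer, other, RUTHERE, now, link_up)
    elif now - peer.last_probe >= peer.dpd_interval:
        peer.failures += 1
        peer.log.append(f"t={now} {peer.name}: no ACK, failure "
                        f"{peer.failures}/{peer.max_failures}")
        if peer.failures >= peer.max_failures:
            peer.sas.clear()    # peer declared dead: IKE and IPsec SAs removed
            peer.last_probe = -1
            peer.log.append(f"t={now} {peer.name}: peer dead, SAs deleted")
        else:
            send(peer, other, RUTHERE, now, link_up)   # retransmit the probe


def simulate(a: Peer, b: Peer, duration: int, link_down_at: int,
             a_sends: bool = True, b_sends: bool = True):
    """Advance both peers one second at a time; the link fails at link_down_at.

    Returns (tick at which A deleted its SAs or None, same for B).
    """
    down = {a.name: None, b.name: None}
    for now in range(duration):
        link_up = now < link_down_at
        if link_up:             # delivered data traffic is proof of life
            if a_sends:
                b.last_rx = now
            if b_sends:
                a.last_rx = now
        step(a, b, now, link_up, a_sends)
        step(b, a, now, link_up, b_sends)
        for p in (a, b):
            if down[p.name] is None and not p.alive():
                down[p.name] = now
    return down[a.name], down[b.name]


if __name__ == "__main__":
    # Values from the posted peer config: dpd-interval=10s, dpd-maximum-failures=2.
    mt, asa = Peer("mikrotik", 10, 2), Peer("cisco", 10, 2)
    print("both sides send traffic:", simulate(mt, asa, 80, link_down_at=20))
    for line in mt.log:
        print(" ", line)
    mt, asa = Peer("mikrotik", 10, 2), Peer("cisco", 10, 2)
    print("cisco never sends:", simulate(mt, asa, 80, 20, b_sends=False))
```

With traffic in both directions and the link cut at t=20, each side probes at t=29, retries at t=39 and deletes its SAs at t=49, i.e. roughly dpd-interval × (failures + 1) after the last inbound packet. In the second run the Cisco side has nothing to send, so it never probes and keeps its SAs indefinitely; that is the symptom to rule out first when one side appears to ignore DPD.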
 
tomaskir
Trainer
Posts: 1162
Joined: Sat Sep 24, 2011 2:32 pm
Location: Slovakia

Re: IPsec Site-to-Site VPN, Mikrotik/Cisco

Tue Dec 25, 2012 11:25 am

Look at this topic, so I don't have to rewrite all that I've written there :)
http://forum.mikrotik.com/viewtopic.php?f=2&t=66178
 
georgechyo
just joined
Topic Author
Posts: 9
Joined: Thu Dec 20, 2012 1:56 pm

Re: IPsec Site-to-Site VPN, Mikrotik/Cisco

Tue Dec 25, 2012 6:58 pm

Look at this topic, so I don't have to rewrite all that I've written there :)
http://forum.mikrotik.com/viewtopic.php?f=2&t=66178
It didn't work :(
I have DPD on (Interval 2, Maximum Failures 3) and IPsec policy level=unique, but when the internet connection goes off, the SAs and remote peers are still there. Did I miss something?
 
tomaskir
Trainer
Posts: 1162
Joined: Sat Sep 24, 2011 2:32 pm
Location: Slovakia

Re: IPsec Site-to-Site VPN, Mikrotik/Cisco

Tue Dec 25, 2012 7:21 pm

Might be something wrong in rc5. Have you tried with 5.22?
 
georgechyo
just joined
Topic Author
Posts: 9
Joined: Thu Dec 20, 2012 1:56 pm

Re: IPsec Site-to-Site VPN, Mikrotik/Cisco

Wed Dec 26, 2012 9:51 am

Might be something wrong in rc5. Have you tried with 5.22?
I tried many different versions: 5.11, 5.22, 6rc5, 6rc6; each of them does the same.