Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1407
Views
0
Helpful
4
Replies

ASA L2L session is normal ??

Go to solution
JustTakeTheFirstStep
Level 4
Level 4

‎07-05-2019 08:16 AM - edited ‎02-21-2020 09:16 AM

20190705_234112.png20190705_231705.png20190705_231512.png

 

If you look at the L2L VPN Session, you will see nothing in the session list.

The configuration

one ASA5525 (headquarters) and two ASA5516 (branch offices) are connected
5525's outside IP is connected to Dynamic.

 

I attach running-config.

Help me plz!!!

ASA-ASAN.zip
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
JustTakeTheFirstStep
Level 4
Level 4
In response to balaji.bandi

‎07-05-2019 09:44 AM - edited ‎07-15-2019 01:58 AM

The reason was simple.

L2L traffic must occur between Inside and Inside to establish a session.

I now realize that there is a timeout in the L2L session.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎07-05-2019 08:39 AM

Quick look done - I believe you do not have any setup for IKEv2 sessions configured.

 

Do you see any issues around ? or is this just for clarification ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
JustTakeTheFirstStep
Level 4
Level 4
In response to balaji.bandi

‎07-05-2019 08:53 AM

Hi. balaji.bandi.

Have you see the config I attached?

I had set up IKEv2 and had no problems so far.

I still think it's okay, but I think the VPN session is probably off for a while.

I think we need to generate L2L traffic.

However, as a remote user I do not know how to generate L2L traffic.

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to JustTakeTheFirstStep

‎07-05-2019 09:12 AM - edited ‎07-05-2019 09:15 AM

if the no interesting traffic passing between that VPN - make sense it was down. - to check you can ping other side device from your allowed ACL list to see other side any decryption take place.

 

Thank you, may be missed that attachment, let me review and comment back.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
JustTakeTheFirstStep
Level 4
Level 4
In response to balaji.bandi

‎07-05-2019 09:44 AM - edited ‎07-15-2019 01:58 AM

The reason was simple.

L2L traffic must occur between Inside and Inside to establish a session.

I now realize that there is a timeout in the L2L session.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card