Hi, With regards to the

Bobby Roberts · ‎07-13-2014

I've got a personal project that I recently upgraded one of my pix's up to a 5505. After getting the tunnel setup, I noticed that

the tunnels would not come up. and while troubleshooting the 5505 would just reboot. Now this 5055 is running tunnels just fine

to another 5505 and no issues. But after about 5 minutes of the ISAKMP tunnels trying to get up for no reason at all, the ASA would

reboot and not give a reason. I'm running syslog server here and can see that PHASE 1 is completing but having issues in phase 2

then just blows up.

When it comes back online, if I shut down the tunnel to the PIX then I won't have any issues.

I'm thinking after doing some research that I might need to not use the site configuration tool and use the CLI to specify the encription instead

of the auto.

I am going to go try that, but has anyone seen this issue before?

Jouni Forss · ‎07-13-2014

Hi,

With regards to the reboot/reload I would imagine that Cisco TAC is the only place where you could get information on why it is doing that.

If you have access to ASA softaware through cisco.com I would suggest changing to a different software level and see if it helps. You can naturally also browse online either in the Release Notes or the Bug Toolkit to see if there a bug that could explain this behaviour.

You mention that the L2L VPN never really comes up. That the Phase 2 doesnt go through? Maybe you could share the configurations at both end so we can have a look at what the problem with the Phase2 is and if we get it working we could see if the reboot/reload still happens.

I personally manage only one ASA unit that is on the same software version as your ASA and that is running L2L VPN connections. I have not seen any such problems with this ASA.

- Jouni

PIX 501(6.3) - Site to Site Tunnel - ASA 5505 (9.1) Tunnel issues (ASA Reboots)