Solved: thank you Joe.

shinakuma123 · ‎08-31-2016

Hi Guys

I have a ASA version 9.5 (2), supports EEM.

I would like to configure EEM to reset a site to site VPN tunnel every 30 min, essentially the following commands to be run:
Action 1 = Clear crypto isakmp sa
Action 2 = Clear cryptp ipsec sa peer x.x.x.x

I would like this to be run every 30 min.

Reason for this is, our tunnel between a ASA and a checkpoint hangs every so often, clearing both phase 1 and phase 2 resolves the issue.
its a bug which no one seems to have provided a fix for permanently so would like to implement this EEM in the meantime.

I have never dealt with EEM before and not familiar with the commands or structure, can anyone advise on the commands please!!

Many thanks

Joe Clarke · ‎08-31-2016

This should work for you:

event manager applet period-event
 event timer watchdog time 1800
 action 1 cli command "clear crypto isakmp sa"
 action 2 cli command "clear crypto ipsec sa peer x.x.x.x"
 output none

View solution in original post

Joe Clarke · ‎09-03-2016

This just needs to be configured in global mode.

View solution in original post

Joe Clarke · ‎08-31-2016

This should work for you:

event manager applet period-event
 event timer watchdog time 1800
 action 1 cli command "clear crypto isakmp sa"
 action 2 cli command "clear crypto ipsec sa peer x.x.x.x"
 output none

shinakuma123 · ‎09-02-2016

thank you Joe.

Is it a matter of just configuring the above in global configuration mode? and it will run from there forth or do I have manually tell the ASA to run the script somehow?

Please let me know if anything else is required to do.

Joe Clarke · ‎09-03-2016

This just needs to be configured in global mode.

EEM script on ASA 9.5