10-13-2020 03:36 PM
Hello, I’ve configured an IPsec tunnel between a remote site ASA and a headend ASA. The remote site ASA has 2 Internet circuits, so 2 crypto maps, each tied to an outside interface. The headend ASA has one Internet circuit with one crypto map with 2 peers. Failover is configured on the remote ASA via IP SLA and tracking. Failover is working correctly and the tunnels are getting established, but for the first 15 mins there is consistent flapping and then it stabilizes. What would be the reason for that? Is there anything I can configure on the headend ASA to flush the dead tunnel? Maybe tunnel keepalives or dead peer detection?
10-13-2020 06:56 PM
10-13-2020 10:56 PM
Take a look at this blog post of mine. Although it is more focused on how to implement preemption with redundant site-to-site VPN tunnels, it might be helpful in your scenario:
https://bluenetsec.com/cisco-asa-ipsec-site-to-site-vpn-preemption/