10-17-2014 10:31 PM - edited 03-11-2019 09:57 PM
Hi,
I have 5 branch offices and 1 head office. I am using version 8.6 at the HO and version 8.2 on the other branch firewalls. A lot of the time I find the VPN stops decrypting/encrypting packets. Then I use packet tracer to allow, and then the VPN starts working automatically. Please tell me, is there a bug in ASA version 8.6? If there is a bug, which version should we upgrade to?
regards
rajat
10-19-2014 09:50 PM
Hi,
Please help me to resolve this.
regards
rajat
10-20-2014 12:22 AM
Hi,
Are these all ASA devices between which you have the L2L tunnels?
Also, have you verified the IPSEC Timeout, Keepalive messages and DPD settings on both the ends?
Thanks and Regards,
Vibhor Amrodia
10-20-2014 01:37 AM
Yes, it is the same.
Suddenly traffic stops on the L2L tunnel, then I need to run packet tracer, and then traffic starts.
I identified this bug, CSCun66613, in the open caveats for version 8.6, but I did not find in which version this caveat is resolved.
We are running version 8.6. Which version do you recommend for the upgrade? At the branch locations we are running version 8.2.
regards
rajat
10-21-2014 02:59 AM
Hi,
I am not sure if this would be the case in your issue as you run a packet tracer to get it working again.
We have some defects on this code but in them packet tracer also should not resolve the issue. I still think it has something to do with the IPSEC lifetime timer mismatch or DPD as the packet tracer will refresh this timer and this resolves the issue for you.
Thanks and Regards,
Vibhor Amrodia
10-21-2014 04:51 AM
Hi,
I checked; the lifetime timer is configured as 86400 at all ends. I still do not know how to resolve this, or whether to go for an IOS upgrade. If we go for an IOS upgrade, then which IOS?
regards
rajat
10-21-2014 06:28 PM
Hi,
You can check this for more information:
https://supportforums.cisco.com/document/32546/dead-peer-detection
Also, an upgrade to ASA 9.x code should be fine.
Thanks and Regards,
Vibhor Amrodia
10-21-2014 11:41 PM
Hi,
Actually, intra VPN is also configured between the head office and the branch locations.
Head office to branch VPN ping works fine, but for branch to branch VPN via the head office, the ping response between the branch locations suddenly stops. Then we run packet tracer, taking one branch location as the source and the other branch location as the destination.
That is the problem we are actually facing. Please suggest your best. I appreciate all your responses.
regards
rajat