
ASA stops encrypt/decrypt in site to site vpn

r.kukreja
Level 1

Hi,

I have 5 branch offices and 1 head office. I am using version 8.6 in the HO and version 8.2 on the other branch firewalls. A lot of the time I find the VPN stops decrypting/encrypting packets. Then I use packet tracer to allow, and then the VPN starts working automatically. Please tell me, is there a bug in the 8.6 version of ASA? If it is a bug, which version should we upgrade to?

Regards,

Rajat

7 Replies

r.kukreja
Level 1

Hi,

Please help me to resolve this.

Regards,

Rajat

Hi,

Are these all ASA devices between which you have the L2L tunnels?

Also, have you verified the IPSEC Timeout, Keepalive messages and DPD settings on both ends?

Thanks and Regards,

Vibhor Amrodia

Yes, it is the same.

Suddenly traffic stops between the L2L tunnels, then I need to run packet tracer, and then traffic starts.

I identified this bug, CSCun66613, in the open caveats for version 8.6, but I did not find in which version this caveat is resolved.

We are running version 8.6. Which version do you recommend for the upgrade? At the branch locations we are running version 8.2.

Regards,

Rajat

Hi,

I am not sure if this would be the case in your issue as you run a packet tracer to get it working again.

We have some defects on this code but in them packet tracer also should not resolve the issue. I still think it has something to do with the IPSEC lifetime timer mismatch or DPD as the packet tracer will refresh this timer and this resolves the issue for you.

Thanks and Regards,

Vibhor Amrodia

Hi,

I checked; the lifetime timer is configured as 86400 at all ends. I still do not know how to resolve this, or whether to go for an IOS upgrade. If we go for an IOS upgrade, then which IOS?

Regards,

Rajat

Hi,

You can check this for more information:

https://supportforums.cisco.com/document/32546/dead-peer-detection

Also, an upgrade to ASA 9.x code should be fine.

Thanks and Regards,

Vibhor Amrodia

Hi,

Actually, intra VPN is also configured between the head office and the branch locations.

Head office to branch VPN ping works fine, but for branch to branch VPN via the head office, the ping response between branch locations suddenly stops. Then we run packet tracer, taking the source from one branch location and the destination from the other branch location.

That is the problem we are actually facing. Please suggest your best. I appreciate all your responses.

Regards,

Rajat
