02-16-2009 11:10 AM - edited 03-11-2019 07:51 AM
Hi, I have two ASA in stateful failover. Once a month, we have a serious problem - all VPNs that are terminated on ASA is dropped, for no obvious reason, and only physically reloading primary ASA can solve the problem. We installed IPS, and also upgraded software from 7.2.2 to 7.2.4, but it is still happening. Anybody has an idea? It is a big problem. Thanks in advance
02-16-2009 11:37 AM
What are your phase 1 and 2 timeouts for your VPN tunnels? What is the output of 'sh fail' when the failure occurs?
02-16-2009 11:47 PM
All timers for VPNs are on their default values. Also, regarding failover - it is still functional when it hapenned (when all VPNs are dropped)
02-17-2009 11:45 AM
I ran into this and fixed the issue using command isakmp nat-t 25, then rebooting both ASA's.
02-18-2009 01:54 AM
Did you solved it with software version 7.2? What was the problem, by your opinion? I can not connect nat-t with dropped tunnels...
Thanks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide