02-22-2021 07:41 AM
Over the last week, my tunnel to the remote site stops working at random times.
Very new to ASA/Security, I come from the routing side.
After looking closely at this for a bit, I noticed that in the show command output I don't see the remote route.
IPsec:
Tunnel ID : 40.3
Local Addr : x.x.x.0/255.255.255.240/0/0 --------------SORRY REMOVED THE LOCAL ADDR
Remote Addr : 0.0.0.0/0.0.0.0/0/0
Encryption : 3DES Hashing : SHA1
Encapsulation: Tunnel PFS Group : 2
Rekey Int (T): 28800 Seconds Rekey Left(T): 28761 Seconds
Rekey Int (D): 4608000 K-Bytes Rekey Left(D): 4608000 K-Bytes
Idle Time Out: 30 Minutes Idle TO Left : 29 Minutes
Bytes Tx : 0 Bytes Rx : 0
Pkts Tx : 0 Pkts Rx : 0
But without the detail I DO see my remote session.
fw-bos0040-F-ma# sh vpn-sessiondb l2l
Session Type: LAN-to-LAN
Connection : x.x.x.x
Index : 40 IP Addr : x.x.x.x
Protocol : IKEv1 IPsec
Encryption : 3DES 3DES 3DES 3DES 3DES 3DES 3DES 3DES 3DES 3DES 3DES 3DES 3DES 3DES
Hashing : MD5 SHA1 SHA1 SHA1 SHA1 SHA1 SHA1 SHA1 SHA1 SHA1 SHA1 SHA1 SHA1 SHA1
Bytes Tx : 3688 Bytes Rx : 0
Login Time : 10:30:12 EST Mon Feb 22 2021
Duration : 0h:03m:29s
Wondering if anyone has seen this odd behavior?
Thank you
02-22-2021 10:39 AM
This is an update to what I wrote above. At the end of the day, I cannot pass traffic across the VPN. I can reach the remote ASA, which tells me the tunnel is UP, but traffic will not pass across the VPN.
Hope this helps
02-22-2021 11:18 AM
Maybe I'm not asking the right questions, but can you set the Default Route to point to the other side of the VPN tunnel and NOT the next hop of the Outside interface?