Cisco ASA 5505 vpn-sessiondb no remote route

Chris Lane
Level 1

Over the last week, my tunnel to the remote site stops working at random times.

Very new to ASA/Security, I come from the routing side.

After looking closely at this for a bit, I noticed that on the show command I don't see the remote route.

IPsec:
Tunnel ID : 40.3
Local Addr : x.x.x.0/255.255.255.240/0/0 --------------SORRY REMOVED THE LOCAL ADDR
Remote Addr : 0.0.0.0/0.0.0.0/0/0
Encryption : 3DES Hashing : SHA1
Encapsulation: Tunnel PFS Group : 2
Rekey Int (T): 28800 Seconds Rekey Left(T): 28761 Seconds
Rekey Int (D): 4608000 K-Bytes Rekey Left(D): 4608000 K-Bytes
Idle Time Out: 30 Minutes Idle TO Left : 29 Minutes
Bytes Tx : 0 Bytes Rx : 0
Pkts Tx : 0 Pkts Rx : 0

 

But without the detail I DO see my remote session.

fw-bos0040-F-ma# sh vpn-sessiondb l2l

Session Type: LAN-to-LAN

Connection : x.x.x.x
Index : 40 IP Addr : x.x.x.x
Protocol : IKEv1 IPsec
Encryption : 3DES 3DES 3DES 3DES 3DES 3DES 3DES 3DES 3DES 3DES 3DES 3DES 3DES 3DES
Hashing : MD5 SHA1 SHA1 SHA1 SHA1 SHA1 SHA1 SHA1 SHA1 SHA1 SHA1 SHA1 SHA1 SHA1
Bytes Tx : 3688 Bytes Rx : 0
Login Time : 10:30:12 EST Mon Feb 22 2021
Duration : 0h:03m:29s

 

 

Wondering if anyone has seen this odd behavior?


Thank you

 

2 Replies

Chris Lane
Level 1

This is an update to what I wrote above. At the end of the day, I cannot pass traffic across the VPN. I can reach the remote ASA, which tells me the tunnel is UP, but traffic will not pass across the VPN.

Hope this helps

Chris Lane
Level 1

Maybe I'm not asking the right questions, but can you set the Default Route to point to the other side of the VPN tunnel and NOT the next hop of the Outside interface?
