04-24-2017 07:22 AM - edited 03-12-2019 02:15 AM
Hi,
We have a Site A with a Palo Alto (PAN) firewall and a Site B with a Cisco ASA 5510. An IPsec tunnel is built between these 2 sites.
On certain occasions, the ISP B network is up, but the users in Site B are experiencing no internet. As it is only a single link, the only thing we did was to reboot the ASA appliance, and the users were able to access the internet again.
On the PAN firewall side, there is a constant ping and monitoring (DPD) to the ASA. Applications like Outlook and AD servers are constantly exchanging/syncing AD information, etc. It looks like there is no VPN idle timeout for traffic traversing the VPN tunnel.
I am confused and curious to know what is happening during these periods of internet outage experienced by users at Site B, which has the ASA firewall as its default gateway to the internet.
Has there been any related case like this before?
Regards
Lawrence
04-24-2017 02:11 PM
Hi Lawrence,
Have you monitored the CPU and memory utilization of the ASA during the internet outage?
04-24-2017 10:44 PM
Hi,
Try to send informational syslogs to a syslog server in addition to the recommendation from Singh. This might give an indication of what is happening.
The best you can do is to get console access over 3G/4G/xDSL internet during the outage to see what is wrong with the ASA.