
SLA monitoring for IPSec VPN tunnel

Benjamin Saito
Level 1

Hello, I am trying to set up SLA monitoring for the purpose of keeping a VPN tunnel up at all times. The problem is you can't specify a source IP address when configuring the SLA monitor on an ASA to send a ping to the remote end, so it uses the outside interface IP address as the source, which isn't "interesting traffic" and will not bring the tunnel up. Configuring SLA monitoring using the "inside" interface will try to send that traffic out the inside interface regardless of what the routing table says. Does anyone know how to configure this? Thanks!

2 Replies

herm
Level 1

Any luck on this yet? I'm interested in finding out if this is possible. Thanks

GioGonza
Level 4

Hello @Benjamin Saito,

I would suggest using EEM for this as a workaround since, as you said, you cannot use the inside interface to set up the SLA monitoring. For that, use EEM based on this link: https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/118087-technote-asa-00.html

You should be able to send the required ping through the VPN tunnel and keep the tunnel up.

HTH

Gio