06-13-2016 09:32 AM - edited 03-12-2019 12:52 AM
Hello, I am trying to set up SLA monitoring for the purpose of keeping a VPN tunnel up at all times. The problem is you can't specify a source IP address when configuring the SLA monitor on an ASA to send a ping to the remote end, so it uses the outside interface IP address as the source, which isn't "interesting traffic" and will not bring the tunnel up. Configuring SLA monitoring using the "inside" interface will try to send that traffic out the inside interface regardless of what the routing table says. Does anyone know how to configure this? Thanks!
04-20-2018 12:16 PM
Any luck on this yet? I'm interested in finding out if this is possible. Thanks.
04-23-2018 08:14 AM
Hello @Benjamin Saito,
I would suggest using EEM for this as a workaround since, as you said, you cannot use the inside interface to set up the SLA monitoring. For that, use EEM based on this link: https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/118087-technote-asa-00.html
You should be able to send the required ping through the VPN tunnel and keep the tunnel up.
HTH
Gio