
Unidirectional IPsec Site-to-Site Tunnel Breakage

Ravi@2670
Level 1

Hi All,

I have a site-to-site VPN established between an ASA5525-X firewall and a Meraki MX84 security appliance.

Configuration:

ASA end

Phase 1:

Encryption: AES 128, Authentication: pre-shared key, Hash: SHA1, Group: 2, Lifetime: 86400

Phase 2:

Encryption: esp-aes, Authentication: esp-sha-hmac, PFS: on (group 2), Lifetime (seconds): 86400

Database lifetime is disabled;

The same parameters are also configured on the Meraki. The ACL is mirrored.

At regular intervals I am facing a unidirectional IPsec tunnel breakdown from the Meraki end, but the ASA end of the tunnel is working fine at that time.

I checked with the Meraki team and came to the conclusion that packets had been sent to the ASA, but no replies from the ASA were seen.

Could you all please help me get out of this problem?

1 Reply

Francesco Molino
VIP Alumni
Hi

If these issues are occurring at regular intervals, can you run some debugs and share the output in a text file?
You can start by debugging IKE and IPsec.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question