I am setting up a VPN connection between a Cisco 819HW router and a Cisco ASA 5520 VPN device. The VPN tunnel will successfully form, but when I do "sh crypto session detail", I can see where outbound packets are being encrypted (enc'ed?), but inbound packets are not:
Interface: GigabitEthernet0
Uptime: 00:24:37
Session status: UP-ACTIVE
Peer: 198.101.7.85 port 500 fvrf: (none) ivrf: (none)
Phase1_id: 198.101.7.85
Desc: (none)
Session ID: 0
IKEv1 SA: local 166.157.75.93/500 remote 198.101.7.85/500 Active
Capabilities:(none) connid:2004 lifetime:23:35:22
IPSEC FLOW: permit ip 172.16.47.0/255.255.255.0 0.0.0.0/0.0.0.0
Active SAs: 2, origin: crypto map
Inbound: #pkts dec'ed 0 drop 0 life (KB/Sec) 4357138/7 hours, 35 mins
Outbound: #pkts enc'ed 280 drop 0 life (KB/Sec) 4357039/7 hours, 35 mins
If I look at the tunnel on the ASA (using ASDM) I can see where the Bytes Tx are going up, but the Bytes Rx remain at 0. We have 3 separate VPN ASAs, all 5520s, and sometimes moving the VPN connection from one ASA to another will cause the tunnel to form and work fine, sometimes even that does not work.
This Cisco 819HW router is being used in the back of an ambulance and is connected to a Sierra Wireless 4G device for its WAN connection. What seems to be happening is, the connection is up and running fine but then the 4G connection loses its signal or the device is turned off. Once it's turned back on or regains the signal, the tunnel re-forms but stops passing two-way traffic.
I will be setting up, for now, 13 of these devices and need to know how to reliably have the tunnel come up and pass traffic both ways. Any assistance would be appreciated.
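An added example, not part of the original post: a small Python parser that reads collected "sh crypto session detail" output and flags flows in the state described above (session UP-ACTIVE, enc'ed counter above zero, dec'ed counter at 0), which is useful when watching many routers at once. The function names, the `min_out` threshold and the second sample session are assumptions made for illustration.

```python
import re

# Session 1 is the output quoted in the post; session 2 is constructed
# (documentation-range peer, invented counters) to show a healthy tunnel.
SAMPLE = """\
Interface: GigabitEthernet0
Session status: UP-ACTIVE
Peer: 198.101.7.85 port 500 fvrf: (none) ivrf: (none)
IPSEC FLOW: permit ip 172.16.47.0/255.255.255.0 0.0.0.0/0.0.0.0
Inbound: #pkts dec'ed 0 drop 0 life (KB/Sec) 4357138/7 hours, 35 mins
Outbound: #pkts enc'ed 280 drop 0 life (KB/Sec) 4357039/7 hours, 35 mins
Interface: GigabitEthernet0
Session status: UP-ACTIVE
Peer: 192.0.2.10 port 500 fvrf: (none) ivrf: (none)
IPSEC FLOW: permit ip 172.16.48.0/255.255.255.0 0.0.0.0/0.0.0.0
Inbound: #pkts dec'ed 312 drop 0 life (KB/Sec) 4357001/7 hours, 20 mins
Outbound: #pkts enc'ed 298 drop 0 life (KB/Sec) 4357010/7 hours, 20 mins
"""

STATUS = re.compile(r"^Session status:\s+(\S+)")
PEER = re.compile(r"^Peer:\s+(\S+)")
FLOW = re.compile(r"^IPSEC FLOW:\s+(.*)")
COUNT = re.compile(r"^(Inbound|Outbound):\s+#pkts (?:dec|enc)'ed (\d+)")

def parse_sessions(text):
    """Return one dict per IPSEC FLOW with its peer, status and counters."""
    flows, peer, status, cur = [], None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := STATUS.match(line):
            status = m.group(1)
        elif m := PEER.match(line):
            peer = m.group(1)
        elif m := FLOW.match(line):
            cur = {"peer": peer, "status": status, "flow": m.group(1)}
            flows.append(cur)
        elif (m := COUNT.match(line)) and cur is not None:
            key = "in" if m.group(1) == "Inbound" else "out"
            cur[key] = int(m.group(2))
    return flows

def one_way(flows, min_out=1):
    """Flows that are UP-ACTIVE and encrypting but have decrypted nothing."""
    return [f for f in flows if f["status"] == "UP-ACTIVE"
            and f.get("out", 0) >= min_out and f.get("in", 0) == 0]

if __name__ == "__main__":
    print(one_way(parse_sessions(SAMPLE)))
```

Raising `min_out` avoids flagging a tunnel that has only just re-formed and has not yet had time to receive a reply.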