08-19-2009 08:19 AM - edited 03-04-2019 05:47 AM
Hello, I have a DBU to provide failover for primary on a Cisco 871. When primary goes down, external modem is activated and successfully dials out and obtains IP Address. IPSec tunnel is built over DBU, but only for a few seconds, to an ASA 5540.
I can ping between ASA and 871 within these first few seconds, but then I cannot ping ASA from router or router from ASA.
When I used a PC and dialed in, it worked fine and I was able to ping between ASA nad PC for extended time.
All I got is..
==============
ip route 0.0.0.0 0.0.0.0 PRIM-GATEWAY track 10
ip route 0.0.0.0 0.0.0.0 Dialer0 250
========
This works on about 160 other sites but not on 4 site. IOS on the sites are either 12.4(15)T7 or 12.4(15)T9. The 160 other sites I have working with exactly same config also have either of two IOS on them.
Please comment.
Thanks.
08-19-2009 09:06 AM
I think you have first to confirm that all devices are actually configured the same.
I've seen cases where 0.0.225.255 looked just like 0.0.255.255 to everyone.
Then if they all are the same look into the asa.
08-19-2009 10:40 AM
Thanks for your response. They all are. Firewall also does not have any issue when the 160 other sites connect using DBU.
08-19-2009 06:03 PM
i don't recall ASA5540 has module to terminate a dial. Do you mean 871 has an external modem to do pstn dial to an access server, and then form ipsec to the ASA?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: