cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Please be advised, the GuideMe Wizard is no longer available on the Small Business Support Community. For search capability please use the community search field to find content related to Cisco Small Business documents, videos, and discussions.
1496
Views
0
Helpful
2
Replies
Highlighted
Beginner

Problem with L2L VPN between SA520W and ASA

We are having issues with an SA520W maintaining a VPN connection to an ASA. The connection will come up fine but if there's a problem with the Internet connection at the site with the ASA, then the only way I can get the SA520 to reconnect is to either reboot it or disable the VPN policies and re-enable them.

The issue appears to be with the SA520 not realizing that the tunnel has dropped even long after the ASA has dropped it (usually due to an ISP issue at the ASA site).If I look at the IPSec status page on the SA520, it shows that the SA is "Established" but on the ASA it doesn't even show the IKE tunnel as being established, much less the IPSec SA.

I've updated to the 2.1.51 firmware and made sure the Dead Peer Detection is enabled on the SA520, but that hasn't helped. Any ideas?

Message was edited by: Martin Gendell

Everyone's tags (5)
2 REPLIES 2
Cisco Employee

Problem with L2L VPN between SA520W and ASA

Hi mgendell,

This issue is resolved in 2.1.51 firmware. I configured site to site VPN tunnel between SA500 and ASA5510 and when the ASA WAN is down, the IPSec Status page shows SA is not established after the DPD timer expires.

I am not able to reproduce this issue. If possible, could you please provide SA500 configuration file. I would like to try to reproduce it in our lab in your configuration. Please remove / change any passwords from the configuration before sending it over.

Thanks,

Nitin Manglik.

Beginner

Problem with L2L VPN between SA520W and ASA

Hi Nitin,

I uploaded the santized config as an attachment to my original post. Thanks for your help!

Regards,

Martin