We have just upgraded our ASA from a 5510 running 9.1 to a 5525 running 9.5.
Now we have about 25 L2L VPN tunnels running a mixture of IKEv1 and IKEv2 with dynamic and static remote sites. These are mainly used as backup links, so there is not much traffic.
With the old ASA the tunnels would always be up, and any re-negotiation was very quick. Now with the new ASA they go down and take a while to come up again.
Are there any new commands in 9.5 that affect L2L tunnels?
On a side note, our dynamic L2L tunnels are on 4G and run NAT-T (port 4500). Is there any way to always negotiate using UDP 4500 instead of 500? It looks like the router tries 500 first, then switches to 4500 when it uses NAT-T.
Does the renegotiation affect your connectivity? If yes, you can add an IP SLA to track an internal IP via the VPN so the tunnel is always up.
I would not force 4500; the protocol itself detects it quite well. In IOS there's a command to force UDP NAT transparency.
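As an added example (not from either poster), here is what the IP SLA probe suggested above looks like on the remote IOS router at a 4G site. The probe sends an ICMP echo every 30 seconds to a host behind the hub ASA, sourced from the LAN interface so the traffic matches the crypto ACL and keeps the SA in use. The host address, probe number and interface name are assumed values.

```cisco
! Added example, not from the thread. Assumed: 10.1.1.10 is a host on the hub LAN,
! GigabitEthernet0/1 is this router's inside interface (its subnet is in the crypto ACL).
ip sla 10
 icmp-echo 10.1.1.10 source-interface GigabitEthernet0/1
 frequency 30
 timeout 1000
ip sla schedule 10 life forever start-time now
!
! Check that the probe is running and succeeding:
! show ip sla statistics 10
```

The source interface matters: if the echo leaves with the WAN address as its source it will not match the tunnel's interesting-traffic ACL and will simply go out in the clear, doing nothing to keep the tunnel up. Keep the frequency comfortably below the idle timeout on the ASA side, and keep `timeout` (in milliseconds) below `frequency` (in seconds) or IOS will reject the schedule.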
The network has settled down now. It does seem to work much the same, except that it does take a bit longer to re-negotiate the VPN connection, but as these are backup links it does not really matter.