cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Community Helping Community

96
Views
0
Helpful
2
Replies
Frequent Contributor

differences noticed between ASA running 9.5 and 9.1 for L2L VPNs

We have just upgraded our ASA from a 5510 running 9.1 to a 5525 running 9.5

now we have about 25 L2L VPN tunnels running  a mixture of ikev1, ikev2 with  dynamic and static remote sites. these mainly used as backup links so not much traffic

With the old ASA the tunnels would always be up any re-negotiation was very quick. Now with the new ASA they go down and take a while to come up again

Are there any new commands in 9. 5 that affect L2L tunnels

On the side our Dynamic L2L tunnels are on 4G and run NAT-T (port4500). is there anyway to always negotiate using UDP 4500 instead of 500. It looks like the router tries 500 first then switches to 4500 when it uses NAT-T

2 REPLIES 2
Highlighted
Contributor

Does the renogotiate affect

Does the renogotiate affect your connectivity? If yes, you can add a ip sla to track an internal IP via the VPN so the tunnel is always up.

I would not force 4500, the protocol itself detects it quite good. In IOS there's a command to force udp nat transparency.

Michael Please rate all helpful posts
Frequent Contributor

the network has settled down

the network has settled down now,It does seem to work much the same, except that it does take a bit longer to re-negotiate the vpn connection, but as these are backup links it does not really matter.

CreatePlease to create content
Content for Community-Ad
FusionCharts will render here