08-18-2018 02:23 PM - edited 02-21-2020 09:26 PM
Hi,
I have configured an IPsec site-to-site VPN between two ASA 5506s, and it was working well for months, but yesterday I realized that the tunnel is down. I did not change any configuration. I restarted both devices, but the tunnel is still not working, and when I try # sh crypto ipsec sa or # sh crypto ikev1 sa, the answer is " There are no IPSEC SAs" or "There are no Ikev1 SAs". What could be happening?
08-18-2018 02:30 PM
Check the phase 1 and phase 2 configuration on both sides.
Enable debug and check the logs.
08-18-2018 02:48 PM
Thanks for the response! How can we do that? Could you please write the commands?
08-18-2018 03:48 PM
Run show run on both ASAs and check the VPN part of the config. Make sure the Phase 1 and Phase 2 config matches, and also the ACL for the interested traffic.
08-18-2018 04:11 PM
I have already checked them twice and they are OK. I have not changed any configuration lately ....
08-19-2018 01:01 AM
Then do you have IP reachability between these sites?
1. Check that the site-to-site IPs are able to ping.
2. Verify the config (any key issue).
3. Check show crypto (phase 1 and phase 2).
4. Enable debug and look at the logs (which can give you an indication of what the issue is).
Refer to the document below:
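
One way to carry out the phase 1 comparison suggested in the replies above, as an added example that is not part of the original thread: it parses the `crypto ikev1 policy` blocks from each peer's running config and lists the policy pairs that agree. The two config excerpts are constructed samples, the function names are hypothetical, and lifetime is left out of the comparison as a simplification.

```python
import re

# Constructed excerpts of "show running-config crypto ikev1" from each peer.
SITE_A = """\
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
crypto ikev1 policy 20
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
"""
SITE_B = """\
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 28800
"""

# Parameters compared here (assumption: lifetime is excluded, see lead-in).
MATCH_KEYS = ("authentication", "encryption", "hash", "group")

def parse_policies(config):
    """Return {priority: {keyword: value}} for each 'crypto ikev1 policy N' block."""
    policies, current = {}, None
    for line in config.splitlines():
        m = re.match(r"crypto ikev1 policy (\d+)\s*$", line)
        if m:
            current = policies.setdefault(int(m.group(1)), {})
        elif current is not None and line.startswith(" "):
            key, _, value = line.strip().partition(" ")
            current[key] = value.strip()
        else:
            current = None  # any other top-level line ends the policy block
    return policies

def common_proposals(config_a, config_b):
    """List (priority_a, priority_b) pairs whose phase 1 parameters all agree."""
    sig = lambda p: tuple(p.get(k) for k in MATCH_KEYS)
    pa, pb = parse_policies(config_a), parse_policies(config_b)
    return [(i, j) for i, x in sorted(pa.items()) for j, y in sorted(pb.items())
            if None not in sig(x) and sig(x) == sig(y)]
```

An empty result from `common_proposals` means no policy on one side agrees with any policy on the other, which is the mismatch the replies ask you to rule out.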