Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
252
Views
0
Helpful
4
Replies

ASA 5512 L2L VPN tunnel troubles - No traffic to specific network (short time period)

julijan.klancnik
Level 1
Level 1

‎02-15-2016 04:06 AM

Hello,

is there anyone who issued problem like this:

we have to ASA devices and L2L tunnel between them. The tunnel is up and running, no errors. We have an ACL that filters traffic from three different Networks. Everything is working but in some moment traffic throught this tunnel stops to flow. When I've checked tunnel status:

sh crypto isakmp sa and sh crypto ipsec sa everything was o.k. I have seen State to IKE peer: MM_ACTIVE.

Then in 30 - 45 minutes everything starts to work (without intervention) and it works for a day or two and then the problem repeats.

Any suggestions would be appriciated. Thanks, Julijan

Labels:
0 Helpful
4 Replies 4

Philip D'Ath
VIP Alumni
VIP Alumni

‎02-15-2016 05:26 PM

Smells like a software issue.

What model ASA's do you have, and what software version are you running on them?

0 Helpful

julijan.klancnik
Level 1
Level 1
In response to Philip D'Ath

‎02-15-2016 10:22 PM

We've got:

Hardware:   ASA5512

Cisco Adaptive Security Appliance Software Version 9.1(1)
Device Manager Version 7.1(2)

By the way, we have restarted our ASA device, but the issue remains.

0 Helpful

Philip D'Ath
VIP Alumni
VIP Alumni
In response to julijan.klancnik

‎02-16-2016 11:01 AM

In that train, 9.1(7) is the latest release, and is also a gold star release.  At a minimum and as a first step, you should at least upgrade to this release.  It has a very very long list of resolved bugs.  These are the release notes.

http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/release/notes/asarn91.html

If you are a bit more adventurous I would jump to 9.5(2).  This has been working very well for me.

0 Helpful

julijan.klancnik
Level 1
Level 1
In response to Philip D'Ath

‎03-16-2016 06:40 AM

Hello, thank you for your suggestions, meanwhile (for whole month) there was no errors and no interuptions in data traffic. We didn't do anything, maybe guys on the other side took some actions that we are not aware of (I only take care of one side of tunnel).

Anyhow I do not deal with the problem anymore, if problems will occur again I Will try to upgrade ASA device to sugested IOS version. In that case I Will post the result.

0 Helpful
Customers Also Viewed These Support Documents