02-04-2022 01:20 AM
Hi,
Very recently we have upgraded ASA firmware with letest one but are facing issue with IPSEC tunnels goes down except few are up.
Please help me out to trouble shoot the issue.
Thanks,
Man
Solved! Go to Solution.
02-04-2022 01:46 AM
show run all crypto map
check the crypto map and compare with remote side i was faced issue with PFS group number was changed due to the security reason.
when upgrade the firmware pfs group 1,2 will be removed after upgrade due to the security reason.
below is the command you can reconfigure the it again.
no crypto map outside_map 1 set pfs group14
crypto map outside_map 1 set pfs group2
Thanks,
Jitendra
02-04-2022 01:27 AM
@man05681 you'll need to provide more information.
What was the original software version?
What version did you upgrade to?
Have you checked for bugs on the version you upgraded to?
If using a Policy Based VPN interesting traffic needs to be sent to keep the tunnel up, if you send traffic does the tunnel come up?
Have you checked the logs?
02-04-2022 01:36 AM
We was on the 6.0.x then upgrade 6.3.x.
If anyone has faced this issue please help.
thanks,
02-04-2022 01:45 AM - edited 02-04-2022 01:46 AM
hi
02-04-2022 01:46 AM
show run all crypto map
check the crypto map and compare with remote side i was faced issue with PFS group number was changed due to the security reason.
when upgrade the firmware pfs group 1,2 will be removed after upgrade due to the security reason.
below is the command you can reconfigure the it again.
no crypto map outside_map 1 set pfs group14
crypto map outside_map 1 set pfs group2
Thanks,
Jitendra
02-04-2022 02:43 AM
thanks for help.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide