10-08-2015 11:18 PM
Hi,
I am trying to keep a VPN tunnel up and avoid a timeout using IP SLA.
I have configured it so it pings a specific destination on the remote subnet, which is a private IP of the remote subnet.
This is set up so it pings from the inside ASA interface to the remote private subnet.
This, however, does not work, and when doing an ICMP trace I cannot see any packet flows. Is it because it has to pass from inside to outside and that is blocked by ASAs?
I mean the inside interface needing to pass a packet to the outside interface?
This works when I issue a ping inside "remote subnet" but not using IP SLA.
I cannot see the crypto packet encryption or decryption count increasing.
10-09-2015 01:14 AM
Or, to better describe the situation, look at the below:
One of our customers has multiple remote sites connected in a full mesh of Site-to-Site VPN tunnels on their ASA 5505s. For the purpose of this issue, we only care about one tunnel.
Each site has Avaya IP phones. The issue we have is that after a period of 24+ hours, the tunnel becomes "stale", and the IP phones cannot call users at other remote sites. If we manually log into the ASA and ping across the tunnel, it comes back up and the phones work great. We messed with the timeout and keepalive settings on the tunnel and it did not change anything.
So, an easy fix in my mind is to set up an SLA on each ASA to ping its peer across the tunnel every so often. We have this configured (see here) but it is not working. I enabled sla and track debug on the ASA doing the SLA and got no output. I have ICMP debug running on the peer ASA and I get no output from there either (I have terminal monitor on both as well).
It seems like the SLA just isn't turned on. However if I do a show sla monitor operational state, it says "Number of operations attempted: 90, Number of operations skipped: 89". Tried googling this and couldn't find anything.
I'm kind of at a loss here, so any help would be appreciated. Let me know if you need any further config, show, or debug output. Thanks!
10-13-2015 08:03 AM
Anyone of the network experts?