08-10-2023 10:35 AM - edited 08-10-2023 10:43 AM
First time setting up a VPN to AWS and it's a little daunting. I'm less than happy about AWS just assuming that I'm going to just dump their config into my ASA. Especially with having "any" statements in the AWS config.
First, I want to deal with the tunnel keepalive issue. I have a VPN that seems to get through. I can ping through and from the other side, they can ping through to me. Great, except when the tunnel goes down they can't seem to re-establish the tunnel. It just sits at phase 1. I ping through and it brings up phase 1 and phase 2 and everything is good again until the tunnel goes down and I've got to start the whole process over.
I was looking at the IP SLA monitoring to keep the VPN active, but I've only got 2 IPs (at the exact moment) that are allowed to pass traffic through the tunnel and the "interface" IPs aren't any of these IPs, so I don't think the SLA monitoring is actually working. So, working off of information from here https://community.cisco.com/t5/vpn/keep-a-vpn-tunnel-on-asa/m-p/3789508 I created an event manager, which will allow me to send a ping tcp, which will route traffic through the tunnel and in theory keep the tunnel up.
My question comes with managing the event manager applet. If I add more AWS VPN tunnels in the future and I need to add more action lines to the applet, is there a way to do that in the ASDM? If not, do I just use the same "Event manager applet PingAWSHost" command and enter 'action 2 cli command "ping tcp blah blah blah"'?
Thanks!
*****EDIT*****
Of course I look and look but can't find anything, post the question, and 2 min later find the answer. For anyone else that's looking in ASDM, it's under Configuration > Device Management > Advanced > Embedded Event Manager.
08-17-2023 02:52 AM