11-13-2017 12:12 AM - edited 03-12-2019 04:43 AM
I have a HQ ASA and 25-30 locations configured with both IKE1 and IKE2.
Does anyone know why this happens:
12-15 of the locations have two tunnels connect at the same time. As you see one IKE1 and one IKE2 tunnel. They each pass traffic on same crypto map, but different subnets. After reading I understand that Cisco ASA should prefer IKE2 and use IKE1 if the first is unable to negotiate.
Running version 9.8.1 on the HQ asa and different flavours on remote site. But i have seen this behaviour with other version too.
Any advice?
Thanx
11-13-2017 12:21 AM
11-13-2017 02:40 AM
They are using the same cryptomap yes.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide