07-05-2019 05:19 AM
Hi Team,
I have a site-to-site VPN configured between two ASA firewalls, and I have two ISPs (ISP1 and ISP2) at my end for failover to support redundancy.
Issue:
The site-to-site VPN is disconnecting frequently.
As a first step, I thought it was due to lifetime kilobytes, so I set the lifetime kilobytes to unlimited, but I am still facing the same issue.
Later, ISP2 (redundant) was down for some reason at the ISP side for one day, and I didn't find any disconnections during that day.
Then I noticed the issue exists only when two ISPs are active on my ASA. I am not sure what is causing the issue.
It works well when only one ISP is connected, whether ISP1 or ISP2. The VPN disconnects if both are connected to the ASA.
I am having issues only with the VPN; everything else works fine.
Please help me in resolving the issue.
07-05-2019 06:17 AM
07-07-2019 09:46 PM
sla monitor 123
 type echo protocol ipIcmpEcho 4.2.2.2 interface outside
 num-packets 3
 frequency 10
sla monitor schedule 123 life forever start-time now
service sw-reset-button
07-07-2019 10:41 PM
07-07-2019 11:56 PM
It is pinging 4.2.2.2, and I think it's a default address for SLA.
I could see a few drops for 4.2.2.2. Is that something causing the issue?
Then why is it not affecting my internet communication?
Observations:
1. No drops in the internet
2. Noticed drops in the SLA IP address
3. VPN is reconnecting during the same time.
4. No drops in the remote tunnel IP address.
07-08-2019 12:30 AM
07-08-2019 01:24 AM
This is resolved after changing the SLA IP address to the ISP gateway.
Thanks for the support.
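The fix reported in the post above, written out as ASA configuration. This is an added example, not taken from the thread: the probe definition is the one posted earlier, while `<ISP1-GATEWAY-IP>`, `<ISP2-GATEWAY-IP>`, the `backup` interface name, the track number and the `track`/`route` lines are assumptions about the surrounding failover setup.

```cisco
! Before (as posted in the thread): the probe targets a public host
! beyond the ISP, so a few lost echoes on the Internet path mark
! ISP1 as down even though the link itself is up.
sla monitor 123
 type echo protocol ipIcmpEcho 4.2.2.2 interface outside
 num-packets 3
 frequency 10
sla monitor schedule 123 life forever start-time now

! After: probe the ISP1 next hop instead.
! A scheduled SLA operation cannot be edited in place, so it is
! removed and re-created with the new target.
no sla monitor schedule 123
no sla monitor 123
sla monitor 123
 type echo protocol ipIcmpEcho <ISP1-GATEWAY-IP> interface outside
 num-packets 3
 frequency 10
sla monitor schedule 123 life forever start-time now

! Assumed surrounding configuration (not shown in the thread):
! the tracked default route via ISP1 and a floating route via ISP2.
track 1 rtr 123 reachability
route outside 0.0.0.0 0.0.0.0 <ISP1-GATEWAY-IP> 1 track 1
route backup 0.0.0.0 0.0.0.0 <ISP2-GATEWAY-IP> 254

! Verification after the change:
!   show sla monitor operational-state
!   show track
!   show route
```

Probing the next hop only detects a failure of the local link or the ISP gateway, not an outage further upstream. Correlating tracked-route changes with the tunnel reconnect times confirms whether route flaps are what drops the VPN.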