09-25-2020 08:46 AM
So, we have a site to site VPN to serve VOIP to a remote location. The remote location has an ASA 5506-X and our main location has a Palo Alto firewall. It's a simple IPSec IKE VPN. We had the need to route multicast traffic across it, so we setup a GRE tunnel between voice routers both at the main location and remote location.
Whenever we do maintenance, or the ISP has issues and the VPN drops, once it re-establishes the GRE tunnel doesn't resume passing traffic. It shows as "up" on both voice routers. When I run a "clear connections" on the remote ASA, the tunnel starts passing traffic. I'm thinking the GRE tunnel is hanging out in the ASA as a stale connection. What would be the best way to resolve this?
Thanks!
-Mike
09-25-2020 09:32 AM
Not sure how is your ASA config, what version running, do you have any SIP inspect enabled ?
is the below command help to reset ? - test and advise.
timeout floating-conn 0:01:00
or
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
09-25-2020 09:46 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide