I have a typical ISAKMP/IKEV1 Hub-and-spoke topology.
My hub is ASA5510 and spokes are 5505.
On one of the spokes 5505 , I have two tunnels , one to the HUB and another to another SPOKE.
The tunnel to the HUB from asa 5505 is breaking as soon as some traffic gets trough, or sometimes in general. The breaks during the production hours occur every 20 minutes someties every hour. The tunnel comes back pretty fast, in a couple of minutes but still it is breaking. I have an asa846-k8 image on the spoke.
The interesting thing that the tunnel on that spoke to the other spoke is not breaking so often, but it does not have so much traffic on it, as the problematic one.
I have checked the configurations, and the tunnel settings are the same on both sides like the auth protocol, the DH group and similar.
I will post some configs here. I also have tried to use the debug crypto ikev1 but did not get anything useful there.
Learn about the rapidly evolving cyberthreat landscape and how both organizations and users can protect themselves as we transition to a forever hybrid world through a conversation with Cisco Talos Security Research Leader for Europe, Middle East, Africa,...
When we said the word “hybrid” in the past, it usually recalled the image of a new variety of plant or maybe an electric car. These days, it applies to the workplace too.
The future of work isn’t “changing” to a h...
Thanks for attending our Ask the Experts (ATXs) session! Here’s the post-session resources for easy reference.
New to ATXs? An ATXs session, offered at no cost, is an hour of real-time learning led by Cisco experts, who will answer your technology q...
Cisco Secure Endpoint
New packages fit for every organization
Every Cisco Secure Endpoint (formerly AMP for Endpoints) package comes with Cisco SecureX built-in. It’s our cloud-native platform that integrates all your security solutions into one view wit...