04-07-2015 03:31 AM - edited 02-21-2020 08:10 PM
Hey everyone. I have a 5555x that is giving me strange problems again!
I have 40-45 ipsecs to ASA 5505, 5510, 5550 and everything works fine except one ipsec that drops. The tunnel is IKEv2 (also tried IKEv1), the tunnel can initiate from the remote site (5505), and it goes up without errors. When initiating from the 5555x it doesn't even try, it seems. I've deleted all config on both endpoints, tried both IKEv1 and 2, 3DES and AES. The cryptomaps match, df-groups and so on. Also tried different firmware and boot on remote site, but I suspect the error is on the 5555x.
I have not rebooted the 5555x yet. It was rebooted 14 days ago, when we had another bug situation. Seems like the 5555x and fw continues to be buggy and unreliable. I have a couple of 5550s that have been running for two years without any problems.
The firmware on the 5555x is: 9.2(2).4
Attached are packet-tracers from the ipsec that fails (ipsec33.txt) and one with the same config that is working (ipsec4.txt).
Thanks
Jon
04-07-2015 01:14 PM
Hi Jon
Seems there's an ACL rule that's dropping your IPsec-tunnel-flow phase 15 on ipsec33 trace. Can you just recheck the ACLs just to make sure?
07-03-2015 03:34 AM
This was a bug, and now running a newer fw. Problem still exists though, randomly on different ipsec tunnels.