Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
478
Views
0
Helpful
1
Replies

IPSEC site to site VPN, multiple VLAN intermittent

J_Vansen_S
Level 3
Level 3

‎03-21-2016 02:03 AM - edited ‎02-21-2020 08:44 PM

hi all,

We have a simple Site to Site VPN using ipsec between 2 units of Cisco ASA.

CIsco ASA 5585 (HQ) and CIsco ASA 5555(Remote Site)

On my remote site, i have multiple vlans. We are having user complains saying that a few of the user vlans tunnel across no longer works after running for awhile.

Eg VLAN 50, 51,55 works, and VLAN 52,60 does not work.

We have configured to pass all the said vlans as interesting traffic.

When we sent out engineers down. It seems like the workaround is to ping to any VLAN network across to HQ, and the tunnel will be up automatically.

What could be the cause of the problem?

Labels:
0 Helpful
1 Reply 1

Aditya Ganjoo
Cisco Employee
Cisco Employee

‎03-21-2016 03:08 AM

Hi,

It depends on the NAT and the VPN config on the device.

If you are using a dynamic NAT then tunnel would only initiated by the source subnet.

Also could you share the relevant config for the affected tunnel ?

Regards,

Aditya

please rate helpful posts.

0 Helpful
Customers Also Viewed These Support Documents