We have an IPSec tunnel between 2 sites.
Hub Site: Cisco ASA 5515
Remote Site: Cisco FTD 1010 running the ASA image.
We recently upgraded our IPSec tunnel from IKEv1 to IKEv2. The tunnel was working fine for 2 days and then suddenly stopped working.
Both sites show the tunnel status as UP-ACTIVE, but we cannot access any server behind either of these sites.
Hub Site:
2508575053 zz.zz.zz.zz/500 yy.yy.yy.yy/500 READY RESPONDER
Encr: AES-CBC, keysize: 256, Hash: SHA256, DH Grp:19, Auth sign: PSK, Auth verify: PSK
Life/Active Time: 86400/66 sec
Child sa: local selector 10.15.0.0/0 - 10.15.15.255/65535
remote selector 192.168.190.0/0 - 192.168.190.255/65535
ESP spi in/out: 0xd1b2a5e3/0xf9a9ff67
Remote Site:
sh crypto isakmp sa
There are no IKEv1 SAs
IKEv2 SAs:
Session-id:2, Status:UP-ACTIVE, IKE count:1, CHILD count:1
Tunnel-id Local Remote Status Role
35786429 yy.yy.yy.yy/500 zz.zz.zz.zz/500 READY INITIATOR
Encr: AES-CBC, keysize: 256, Hash: SHA256, DH Grp:19, Auth sign: PSK, Auth verify: PSK
Life/Active Time: 86400/68 sec
Child sa: local selector 192.168.190.0/0 - 192.168.190.255/65535
remote selector 10.15.0.0/0 - 10.15.15.255/65535
ESP spi in/out: 0xf9d9e2c7/0x6fcf6ed3