06-11-2009 09:19 AM
Hi,
My ASA5540 has 40 L2L IPsec VPN tunnels to other sites. One of the tunnels often drops packets (but the tunnel remains up). I called the ISP and confirmed it's not an ISP issue. Is there any method to troubleshoot the issue? What should I look at in the configuration? Any help will be appreciated.
Thanks
06-17-2009 02:55 PM
Verify that the ACLs and NAT configurations are correct. Sometimes they may also block the traffic.
Most Common L2L and Remote Access IPSec VPN Troubleshooting Solutions
http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml
06-18-2009 10:39 AM
Kwok Hung Ken Wu,
I'm not sure whether they are sending traffic using udp/4500 or not. In the case of ESP, when link flapping occurs you may find something about an invalid SPI. That would be a problem because the database has not been synchronized. If you're facing this, please add the "crypto isakmp invalid-spi-recovery" command for testing.
HTH,
Toshi