cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1121
Views
0
Helpful
2
Replies

Packet drop in L2L VPN tunnel

kwokhungkenwu
Level 1
Level 1

Hi,

MY ASA5540 has 40 L2L IPsec VPN tunnels to other sites. One of tunnels has packet drop often ( but the tunnel remind up ). Called ISP and confirm its not ISP issue. Is there any method to troubleshoot the issue ? what should I look at in the configuration ? any help will be appericated.

Thanks

2 Replies 2

aghaznavi
Level 5
Level 5

Verify that ACLs and NAT configurations are Correct. Some times it may also block the traffic.

Most Common L2L and Remote Access IPSec VPN Troubleshooting Solutions

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml

Kwok Hung Ken Wu,

I'm not sure that they are sending traffic by using udp/4500 or not. In case of ESP when link flapping occurred you may find something about invalid SPI.That would be a problem because the database has not been synchronized. If you're facing this please add a "crypto isakmp invalid-spi-recovery" command for testing.

HTH,

Toshi