cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
400
Views
0
Helpful
4
Replies
Madhan Kumar
Beginner

S2S VPN ISSUE

Hi Team,

In our organization we are facing a peculiar issue. We have nearly 20 S2S vpn tunnels in our ASA 5520 box. Many times users are compalining that they are unable to reach the destination. Post toggling the particular tunnel ( Clear Cry ipsec sa peer x.x.x.x or Clear cry isa sa peer x.x.x.x) it is starting to work. This is causing production loss and valuable time for the resources.

Is there anyway where we can avoid this or is there any extra config is required to avaod this.            

Please extend your help to fix this issue permanantly.

Thanks & Regards

R.MADHANKUMAR

4 REPLIES 4
david.tran
Enthusiast

Make sure both phase I and phase II match exactly on each side.  that's a start.

Hi,

Both side the configuration are same and there is a no deviation. But still this probelm happeneing continously. This issue is happening some other tunnels also.

Expecting a solution for this.

Is isakmp keepalive enabled on peers and 5520? Usually this kind of thing may happen when one site thinks that tunnel is up, while ohter thingks it's down (due to temporary connection problem or smth). Then site that lost connection starts it again, and another, wich thinks that connection is ok and didn't delete SA (5520 in your case) drops it cause it already has SA with that peer.

Hi,

We have verified the config on both sides. The config are identitical. The issue happening once in a month or two, at that time toggling is required. Looking for a solution to avoid this permamantly as it is suddenly affecting the production and all users using the S2S vpn unable to access the destination.

Please help.

Madhankumar

Create
Recognize Your Peers
Content for Community-Ad