08-28-2019 08:19 AM
Hey I have an HA ASA Cluster (Cisco 5525) with two remote offices using Cisco 5505 to build a VPN tunnel back to me. Every so often (time varies a lot) I loose routing to the remote site. The tunnel stays up and the TX / RX numbers increment but the remote end doesn't seem to the pass the traffic to the internal address. This only happens on one of the two tunnels.
I can fix everything by logging out both of the tunnels about 3 times, clear the arp cache and then it all comes back.
Thoughts?
08-28-2019 09:15 AM
Couple of things to check..
1. check the the side configurauton and times
2. what is the version of ASA Code
3. if possible post the configuraiton.
when the connection lost and VPN UP, what is the logs and encryption and decryption counters ?
show crypto ipsec sa when the turnnel fail to serve
10-03-2019 11:46 AM
1. Both sides are set for 8 hours and the data amount is set to the default of 4608000 Kbytes.
I used the configuration wizard to set these up and it seemed to work just fine....initially. The only thing I changed was disabled IKEv1.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide