Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
469
Views
0
Helpful
2
Replies

Site to Site VPN on HA (Active/Standby) Cluster looses routing to remote site

firewallguyadmin
Level 1
Level 1

‎08-28-2019 08:19 AM

Hey I have an HA ASA Cluster (Cisco 5525) with two remote offices using Cisco 5505 to build a VPN tunnel back to me.  Every so often (time varies a lot) I loose routing to the remote site.  The tunnel stays up and the TX / RX numbers increment but the remote end doesn't seem to the pass the traffic to the internal address.  This only happens on one of the two tunnels.

 

I can fix everything by logging out both of the tunnels about 3 times, clear the arp cache and then it all comes back.

 

Thoughts?

Labels:
0 Helpful
2 Replies 2

balaji.bandi
Hall of Fame
Hall of Fame

‎08-28-2019 09:15 AM

Couple of things to check..

1. check the the side configurauton and times

2. what is the version of ASA Code

3. if possible post the configuraiton.

 

when the connection lost and VPN UP, what is the logs and encryption and decryption counters ?

 

show crypto ipsec sa when the turnnel fail to serve

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

firewallguyadmin
Level 1
Level 1
In response to balaji.bandi

‎10-03-2019 11:46 AM

1. Both sides are set for 8 hours and the data amount is set to the default of 4608000 Kbytes.

 

I used the configuration wizard to set these up and it seemed to work just fine....initially.  The only thing I changed was disabled IKEv1.

 

 

0 Helpful
Customers Also Viewed These Support Documents