after an upgrade starting from ASA version 9.6.1 to 9.6.2, on reboot, the site-to-site tunnel does not come back! X_X
During the negotiation passes a message that provides an idea of the reason even if not understandable, as with the previous version was UP without problems:
Group = ip.ip.ip.ip, IP = ip.ip.ip.ip, L2L Authorization Failed - check your group-policy.
AAA unable to complete the request Error : reason = Access hours restrictions in effect : user = ip.ip.ip.ip
Why? I have not set any restrictions, what did this version update? I also tried to remove the tunnels from the configuration, restoring the same as usual but the problem persists!
Does anyone have an idea on what to do?
Try performing a "show running all" and look at the group-policy DfltGrpPolicy attributes.
Also look at the tunnel-group DefaultL2LGroup general-attributes and check if it refers to a different group-policy.
Last, check at your specific tunnel-groups and check if they refer to a different group-policy.
ASDM does not show me the hourly limitations in L2 tunnel, however, yes there is a limit in DflGrpPolicy (It has always been there); this night I try it this way, let's see if I can leave everything else...
group-policy GroupPolicy_ip.ip.ip.ip attributes
Meanwhile, thank you for putting me on the right track!