06-21-2012 07:50 AM
Hello
I spent a week troubleshooting an IPsec site-to-site VPN with a partner that uses a Linux VPN server (freeswan probably), where phase 1 and 2 were OK but the traffic between protected networks didn't flow, with no ACLs and no other restrictions. As a result of packet tracer I got all OK and UP.
A crash occurred when I tried to disable the isakmp policy on the outside interface, then I got a system reload. After that the VPN works fine with the same configuration that I had before the restart.
My question is... why did the VPN only work after the reload? Was this problem already reported, or is that a bug?
Software version is 8.2(1)
Regards,
Vinicius Kopelke
07-02-2012 05:20 AM
anyone?
08-26-2012 07:30 AM
Hi Vinicius,
This might be a bug. But have you tried clearing the isakmp and ipsec SAs before you tried restarting the firewall? Also you can go to the next best IOS code which works just fine with the VPN and other features, 8.2(5)26.
If you have tried those steps already then it should be some other problem; even your memory may cause such problems.
Please do rate for the helpful posts.
By
Karthik
08-26-2012 06:16 AM
Sometimes, to get a new VPN config to work, the crypto map has to be removed from the interface and then be reapplied (in my opinion that's a bug, others could say it's an unexpected feature ... ). With your reload of the ASA the crypto map was applied to the interface on startup and when the config is fine, everything works.
If I remember right, the v8.2(1) was not one of my favorite versions. On ASAs that can't be upgraded to newer versions because of the memory-requirements I feel quite comfortable with 8.2(5), but others didn't have that much luck with that release.
08-26-2012 09:09 AM
Hello Vinicius,
Looks like you are hitting this bug: CSCtd36473
An ASA running 8.2.1 is not encrypting traffic. Phase 1 and 2 do get established, but on one side of the tunnel we cannot encapsulate and encrypt the data, which is why the VPN does not work.
A reload will fix the issue, but only for a moment; after a while you will have the issue again, so my recommendation is to upgrade.
Regards,
Julio
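Added example, not part of any post in this thread: a small Python check for the symptom described above (phase 1 and 2 up, but one side never encapsulates), which flags IPsec SAs whose encaps counter stays at zero while decaps is non-zero. The sample text is constructed and modelled on the counter lines of ASA `show crypto ipsec sa` output; the addresses, map name and function names are assumptions.

```python
import re

# Constructed sample modelled on `show crypto ipsec sa` output (not from the thread).
SAMPLE = """\
    Crypto map tag: outside_map, seq num: 10, local addr: 192.0.2.1
      local ident (addr/mask/prot/port): (10.1.1.0/255.255.255.0/0/0)
      remote ident (addr/mask/prot/port): (10.2.2.0/255.255.255.0/0/0)
      current_peer: 198.51.100.2
      #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
      #pkts decaps: 154, #pkts decrypt: 154, #pkts verify: 154

    Crypto map tag: outside_map, seq num: 20, local addr: 192.0.2.1
      local ident (addr/mask/prot/port): (10.1.1.0/255.255.255.0/0/0)
      remote ident (addr/mask/prot/port): (10.3.3.0/255.255.255.0/0/0)
      current_peer: 203.0.113.7
      #pkts encaps: 981, #pkts encrypt: 981, #pkts digest: 981
      #pkts decaps: 977, #pkts decrypt: 977, #pkts verify: 977
"""

COUNTER = re.compile(r"#pkts (encaps|decaps): (\d+)")
IDENT = re.compile(r"(local|remote) ident .*?: \(([\d.]+)/([\d.]+)/")
PEER = re.compile(r"current_peer: (\S+)")

def parse_sas(text):
    """Split the output into one dict per SA block (peer, idents, counters)."""
    sas, cur = [], None
    for line in text.splitlines():
        if "Crypto map tag:" in line:       # each SA block starts here
            cur = {"encaps": 0, "decaps": 0}
            sas.append(cur)
        if cur is None:
            continue
        if m := PEER.search(line):
            cur["peer"] = m.group(1).rstrip(",")
        if m := IDENT.search(line):
            cur[m.group(1)] = f"{m.group(2)}/{m.group(3)}"
        for name, value in COUNTER.findall(line):
            cur[name] = int(value)
    return sas

def one_way_sas(sas, min_decaps=1):
    """SAs that decapsulate inbound traffic but have never encapsulated any."""
    return [sa for sa in sas if sa["encaps"] == 0 and sa["decaps"] >= min_decaps]

if __name__ == "__main__":
    for sa in one_way_sas(parse_sas(SAMPLE)):
        print(f"peer {sa['peer']}: {sa['local']} -> {sa['remote']} decaps={sa['decaps']} encaps=0")
```

Pass `min_decaps=0` to also flag SAs where the peer is not sending either, which only makes sense while test traffic is being generated from the local side.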