Why does the VPN just work fine after a system reload?

vkopelke1
Level 1

Hello

I spent a week troubleshooting an IPsec site-to-site VPN with a partner that uses a Linux VPN server (freeswan probably), where phase 1 and 2 were OK but the traffic between protected networks didn't flow, with no ACLs and no other restrictions. As a result of packet tracer I got all OK and UP.

A crash occurred when I tried to disable the isakmp policy on the outside interface, then I got a system reload. After that the VPN works fine with the same configuration that I had before the restart.

My question is... why does the VPN just work after a reload? Was this problem already reported, or is it a bug?

Software version is 8.2(1)

Regards,

Vinicius Kopelke

4 Replies

vkopelke1
Level 1

anyone?

Hi Vinicius,

This might be a bug. But have you tried clearing the isakmp and ipsec SAs before you tried restarting the firewall? Also, you can go to the next best IOS code, which works just fine with the VPN and other features: 8.2(5)26.

If you have tried those steps already, then it should be some other problem; even your memory may cause such problems.

Please do rate for the helpful posts.

By

Karthik

Sometimes, to get a new VPN config to work, the crypto map has to be removed from the interface and then be reapplied (in my opinion that's a bug, others could say it's an unexpected feature ... ). With your reload of the ASA the crypto map was applied to the interface on startup, and when the config is fine, everything works.

If I remember right, the v8.2(1) was not one of my favorite versions. On ASAs that can't be upgraded to newer versions because of the memory-requirements I feel quite comfortable with 8.2(5), but others didn't have that much luck with that release.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

Julio Carvajal
VIP Alumni

Hello Vinicius,

Looks like you are hitting this bug: CSCtd36473

An ASA running 8.2.1 not encrypting traffic. Phase 1 and 2 do get established, but on one side of the tunnel we cannot encapsulate and encrypt the data; that is why the VPN does not work.

A reload will fix the issue, but it will do it for a moment; after a while you will have the issue, so my recommendation is to upgrade.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
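
A check for the symptom discussed in this thread (phase 1 and 2 up, but one side not encapsulating), as an added example that is not from any of the posters: it parses text laid out like ASA `show crypto ipsec sa` output and flags SAs whose encaps counter is zero while decaps is not. The sample output, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample, laid out like ASA "show crypto ipsec sa" output (two SAs).
SAMPLE = """\
interface: outside
    Crypto map tag: outside_map, seq num: 10, local addr: 198.51.100.1
      local ident (addr/mask/prot/port): (10.1.1.0/255.255.255.0/0/0)
      remote ident (addr/mask/prot/port): (10.2.2.0/255.255.255.0/0/0)
      current_peer: 203.0.113.10
      #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
      #pkts decaps: 152, #pkts decrypt: 152, #pkts verify: 152
    Crypto map tag: outside_map, seq num: 20, local addr: 198.51.100.1
      local ident (addr/mask/prot/port): (10.1.3.0/255.255.255.0/0/0)
      remote ident (addr/mask/prot/port): (10.4.4.0/255.255.255.0/0/0)
      current_peer: 203.0.113.20
      #pkts encaps: 980, #pkts encrypt: 980, #pkts digest: 980
      #pkts decaps: 975, #pkts decrypt: 975, #pkts verify: 975
"""

FIELDS = {
    "local": re.compile(r"local ident \(addr/mask/prot/port\): \((\S+)\)"),
    "remote": re.compile(r"remote ident \(addr/mask/prot/port\): \((\S+)\)"),
    "peer": re.compile(r"current_peer:\s*(\S+)"),
    "encaps": re.compile(r"#pkts encaps:\s*(\d+)"),
    "decaps": re.compile(r"#pkts decaps:\s*(\d+)"),
}

def parse_sas(text):
    """Return one dict per SA block; blocks missing any field are skipped."""
    sas = []
    for block in text.split("Crypto map tag:")[1:]:
        hits = {k: rx.search(block) for k, rx in FIELDS.items()}
        if all(hits.values()):
            sa = {k: m.group(1) for k, m in hits.items()}
            sa["encaps"], sa["decaps"] = int(sa["encaps"]), int(sa["decaps"])
            sas.append(sa)
    return sas

def classify(sa):
    """Label an SA from its cumulative counters (read while test traffic flows)."""
    if sa["encaps"] == 0 and sa["decaps"] > 0:
        return "not-encrypting"      # peer's packets arrive, ours never enter the tunnel
    if sa["encaps"] > 0 and sa["decaps"] == 0:
        return "no-return-traffic"   # we encrypt, nothing comes back from the peer
    return "idle" if sa["encaps"] == 0 else "ok"

def stalled(text):
    """List (peer, local selector, remote selector, label) for SAs that are not 'ok'."""
    return [(s["peer"], s["local"], s["remote"], classify(s))
            for s in parse_sas(text) if classify(s) != "ok"]

if __name__ == "__main__":
    print(stalled(SAMPLE))
```
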