12-19-2023 06:26 AM
Hi team, maybe who help me)
I have ASA 5525. I want to write in the event manager if the ping is not successful (Success rate is 0 percent), then you need to execute clear crypto ikev2 sa "x.x.x.x" Check available IP once every 3-5 minutes. Maybe someone will share the script. Thank you.
Solved! Go to Solution.
12-19-2023 08:21 AM
Deny IP spoof from <- this meaning ip spoof is drop icmp not tunnel is down.
Check this point
MHM
12-19-2023 08:29 AM
This is not from the fall of the tunnel, but from sticking, and you can check this only by pinging the other side of the tunnel, but this script does not do it either, because it cleans every 60 seconds and does not look at the ID. Perhaps the ID ASA-2-106016 should be specified?
12-19-2023 08:34 AM
What I share before is from Cisco Doc.
Check it.
MHM
12-19-2023 08:36 AM - edited 12-19-2023 08:36 AM
This eem check
Sla monitor LAN to LAN
MHM
12-19-2023 08:54 AM
I solved this issue with two event tasks. 1 Ping`s IP and generate ID. 2 Sees this ID restarts the tunnel
12-19-2023 09:22 AM
Glad issue is solved
Happy ending
But why two you can use frequent to config time between each sla monitor and use one EEM to detect ID of track.
Anyway it solved in end
Have a nice day
MHM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide