?
Solved

site to site tunnel not autostarting

Posted on 2016-11-10
5
Medium Priority
?
84 Views
Last Modified: 2016-11-20
hi all,
i have a site to site issue where, whenever the dsl line goes down and comes back online, my site to site tunnel does not get re established automatically.  i had to reboot the asa5506 and ping a device at the other end then, then the tunnel re establishes.
0
Comment
Question by:mwauki
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 16

Expert Comment

by:max_the_king
ID: 41881952
Hi,
i believe that in your case rebooting ASA is useless ...
should the tunnel get orphan and need to renegotiate parameters with the other end, you might want to issue
clear crypto isakmp sa

but you probably just need to wait for interesting traffic to come up (i.e. pinging some device).

I guess vpn does not come up automatically because DSL data line still experimenting problems: by the time you wait for asa to reboot it may well be that data line gets more stable.

hope this helps
max
0
 

Author Comment

by:mwauki
ID: 41881986
LVL, thanks!

your are right rebooting is useless... but in this case, after 4hrs since the dsl stabalized, tunnel is still down.  Even pinging a device from each site does not seem to bring the tunnel back up hence the asa reboot.
0
 
LVL 16

Accepted Solution

by:
max_the_king earned 1000 total points
ID: 41882010
before rebooting, you should take note of:
sh isakmp sa
and see in which state It is.

then you should run
debug crypto isakmp
debug crypto ipsec

and see what happens on console.

max
0
 
LVL 14

Assisted Solution

by:SIM50
SIM50 earned 1000 total points
ID: 41882117
I would also enable DPD if it is not enabled.
0
 

Author Closing Comment

by:mwauki
ID: 41894847
much appreciated...
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Originally, this post was published on Monitis Blog, you can check it here . It goes without saying that technology has transformed society and the very nature of how we live, work, and communicate in ways that would’ve been incomprehensible 5 ye…
You deserve ‘straight talk’ from your cloud provider about your risk, your costs, security, uptime and the processes that are in place to protect your mission-critical applications.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Suggested Courses

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question