Solved

site to site tunnel not autostarting

Posted on 2016-11-10
Last Modified: 2016-11-20
Hi all,
I have a site-to-site issue where, whenever the DSL line goes down and comes back online, my site-to-site tunnel does not get re-established automatically. I had to reboot the ASA5506 and ping a device at the other end; then the tunnel re-establishes.
Question by:mwauki

Expert Comment

by:max_the_king
Hi,
I believe that in your case rebooting the ASA is useless ...
Should the tunnel get orphaned and need to renegotiate parameters with the other end, you might want to issue
clear crypto isakmp sa

but you probably just need to wait for interesting traffic to come up (i.e. pinging some device).

I guess the VPN does not come up automatically because the DSL data line is still experiencing problems: by the time you wait for the ASA to reboot it may well be that the data line gets more stable.

Hope this helps
max

Author Comment

by:mwauki
LVL, thanks!

You are right, rebooting is useless... but in this case, 4hrs after the DSL stabilized, the tunnel is still down. Even pinging a device from each site does not seem to bring the tunnel back up, hence the ASA reboot.

Accepted Solution

by:
max_the_king earned 250 total points
Before rebooting, you should take note of:
sh isakmp sa
and see which state it is in.

Then you should run
debug crypto isakmp
debug crypto ipsec

and see what happens on the console.

max
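
One way to record the state the accepted answer asks for, as an added example that is not part of the original thread: a small Python parser that reads `show crypto isakmp sa` text and reports whether a peer's phase 1 SA is established. The sample output is constructed and assumes the ASA IKEv1 layout; the peer addresses and function names are hypothetical.

```python
import re

# Constructed sample, laid out like ASA IKEv1 "show crypto isakmp sa" output
# (assumed format; peer addresses are documentation-range placeholders).
SAMPLE = """\
   Active SA: 1
    Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 2

1   IKE Peer: 203.0.113.10
    Type    : L2L             Role    : initiator
    Rekey   : no              State   : MM_ACTIVE
2   IKE Peer: 198.51.100.7
    Type    : L2L             Role    : initiator
    Rekey   : no              State   : MM_WAIT_MSG2
"""

# Phase 1 states that mean negotiation finished (main mode / aggressive mode).
ESTABLISHED = {"MM_ACTIVE", "AM_ACTIVE"}
PEER_RE = re.compile(r"IKE Peer:\s*(\S+)")
FIELD_RE = re.compile(r"(Type|Role|Rekey|State)\s*:\s*(\S+)")


def parse_isakmp_sa(text):
    """Return {peer_ip: {field: value}} for each IKE SA in the output."""
    sas, current = {}, None
    for line in text.splitlines():
        peer = PEER_RE.search(line)
        if peer:
            current = sas.setdefault(peer.group(1), {})
            continue
        if current is not None:
            # Each detail line carries two "name : value" pairs side by side.
            for key, value in FIELD_RE.findall(line):
                current[key.lower()] = value
    return sas


def tunnel_status(text, peer):
    """Classify one peer: 'up', 'negotiating:<state>' or 'no-sa'."""
    sa = parse_isakmp_sa(text).get(peer)
    if sa is None:
        return "no-sa"  # no phase 1 SA is listed for this peer at all
    state = sa.get("state", "UNKNOWN")
    return "up" if state in ESTABLISHED else f"negotiating:{state}"
```

Saving the command output before and after the DSL line flaps and running both captures through `tunnel_status` shows whether the SA is absent or stuck in a negotiation state, which is the detail to note before rebooting.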

Assisted Solution

by:SIM50
SIM50 earned 250 total points
I would also enable DPD if it is not enabled.

Author Closing Comment

by:mwauki
Much appreciated...