IPSEC tunnel between ASA 5505 and ASA 5540

Unanswered Question
Aug 28th, 2007
User Badges:

We have a site-to-site VPN set up between our HQ (10.10.0.x) and a remote site (10.20.x.x). The HQ device is a ASA 5540, and the remote device is an ASA 5505. version ASA 7.2(2)

The tunnel is up and passing traffic. I can ping from any device on the HQ network to any device on the remote network. The problem is this:

I can not ping ASA 5505 LAN from HQS lan after five minutes of inactivity or no traffic between ASA 5505 and ASA 5540.

I chekced the tunnel and they are active on both ASA (remote and HQS).

My ping times out for atleast five minutes and then it started to ping again. I replicated same scenerio again .

Any idea what causing this issue. I am attaching ipsec configurations for ASA 5505 and ASA 5540

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
mattiaseriksson Wed, 08/29/2007 - 05:22
User Badges:
  • Bronze, 100 points or more

Can you run a show crypto ipsec sa + show crypto isakmp sa and attach?

altaf007 Wed, 08/29/2007 - 10:57
User Badges:

It's working now. There was a NAT issue in firewall. It's been fixed . Thanks for your help


This Discussion