02-16-2009 11:10 AM - edited 03-11-2019 07:51 AM
Hi, I have two ASA in stateful failover. Once a month, we have a serious problem - all VPNs that are terminated on ASA is dropped, for no obvious reason, and only physically reloading primary ASA can solve the problem. We installed IPS, and also upgraded software from 7.2.2 to 7.2.4, but it is still happening. Anybody has an idea? It is a big problem. Thanks in advance
02-16-2009 11:37 AM
What are your phase 1 and 2 timeouts for your VPN tunnels? What is the output of 'sh fail' when the failure occurs?
02-16-2009 11:47 PM
All timers for VPNs are on their default values. Also, regarding failover - it is still functional when it hapenned (when all VPNs are dropped)
02-17-2009 11:45 AM
I ran into this and fixed the issue using command isakmp nat-t 25, then rebooting both ASA's.
02-18-2009 01:54 AM
Did you solved it with software version 7.2? What was the problem, by your opinion? I can not connect nat-t with dropped tunnels...
Thanks
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: