Weird L2L Problem

Unanswered Question
Sep 21st, 2009
User Badges:
  • Bronze, 100 points or more

I have a site to site that was previously up and working but it is not now. An ASA is on the side I control and a PIX is on the other end. The weird thing is isakmp seems to be up but not ipsec, as below

ASA5510# sh crypto isakmp sa

IKE Peer: x.x.x.x

Type : L2L

Role : responder

Rekey : no


ASA5510# sh crypto ipsec sa peer x.x.x.x

There are no ipsec sas for peer x.x.x.x

When I try to go across the tunnel I get no matches on the acl but there are hit counts from when it was previously working and a debug seems to reveal nothing.

I find it weird that there is no output for the ipsec sa. Does anyone have any ideas? Thanks.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
kwillacey Tue, 09/22/2009 - 12:24
User Badges:
  • Bronze, 100 points or more

Any ideas??? Even one would be helpful, thanks.

vkumari Tue, 09/22/2009 - 15:43
User Badges:

Remove crypto map from outside interface and apply it again and then check, if still won't work then reapply the whole configurations and then check, still won't work then try to find bug for the software image.

kwillacey Tue, 09/22/2009 - 19:33
User Badges:
  • Bronze, 100 points or more

I have already tried the first two so I guess I will have to go through the bug tool kit or the open caveats for asa8.2. Thanks a lot for your response.


This Discussion