Weird L2L Problem

Unanswered Question
Sep 21st, 2009

I have a site to site that was previously up and working but it is not now. An ASA is on the side I control and a PIX is on the other end. The weird thing is isakmp seems to be up but not ipsec, as below

ASA5510# sh crypto isakmp sa

IKE Peer: x.x.x.x

Type : L2L

Role : responder

Rekey : no

State : MM_ACTIVE

ASA5510# sh crypto ipsec sa peer x.x.x.x

There are no ipsec sas for peer x.x.x.x

When I try to go across the tunnel I get no matches on the acl but there are hit counts from when it was previously working and a debug seems to reveal nothing.

I find it weird that there is no output for the ipsec sa. Does anyone have any ideas? Thanks.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
vkumari Tue, 09/22/2009 - 15:43

Remove crypto map from outside interface and apply it again and then check, if still won't work then reapply the whole configurations and then check, still won't work then try to find bug for the software image.

kwillacey Tue, 09/22/2009 - 19:33

I have already tried the first two so I guess I will have to go through the bug tool kit or the open caveats for asa8.2. Thanks a lot for your response.

Actions

This Discussion