Monitoring IPSEC Site2site tunnel with SLA MONITOR on ASA

Unanswered Question
Oct 22nd, 2009
User Badges:

I've got site-to-site IPSEC VPN tunnel between two Cisco ASA.


My ASAs have the following LAN configuration :

ASA1 : lan ip address 172.16.1.1

ASA2 : lan ip address 172.16.2.1


From ASA2, I can test the VPN tunnel by using the follogin command :

ping inside 172.16.1.1


I would like to be able to use the SLA monitor feature to ping in to the tunnel too. I try the folowing commands on ASA2 :


sla monitor 2000

type echo protocol ipIcmpEcho 172.16.1.1 interface inside

frequency 60


sla monitor schedule 2000 life forever start-time now

track 1 rtr 2000 reachability


But I've got the following error message in logs :


Routing failed to locate next hop for icmp from NP Identity Ifc:172.16.2.1/0 to inside:172.16.1.1/0


Has anyone try to do some thing like that ?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion