I have a site to site that was previously up and working but it is not now. An ASA is on the side I control and a PIX is on the other end. The weird thing is isakmp seems to be up but not ipsec, as below
ASA5510# sh crypto isakmp sa
IKE Peer: x.x.x.x
Type : L2L
Role : responder
Rekey : no
State : MM_ACTIVE
ASA5510# sh crypto ipsec sa peer x.x.x.x
There are no ipsec sas for peer x.x.x.x
When I try to go across the tunnel I get no matches on the acl but there are hit counts from when it was previously working and a debug seems to reveal nothing.
I find it weird that there is no output for the ipsec sa. Does anyone have any ideas? Thanks.
Remove crypto map from outside interface and apply it again and then check, if still won't work then reapply the whole configurations and then check, still won't work then try to find bug for the software image.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...