ASA 5520 v7.2 - VPN site to site problem and clear command
I am getting some problems with a Site to Site VPN from the last two weeks. In some occasions it stops to send traffic through the VPN without any apparent reason. I have other VPNs that continue working fine. While it is failing I have run the command "show crypto isakmp sa" and I have found that I have two entries for the peer that is failing:
9 IKE Peer: x.x.x.x
Type: L2L Role: responder
Rekey: no State: AM_REKEY_DONE_H2
10 IKE Peer: x.x.x.x
Type: L2L Role: initiator
Rekey: yes State: MM_ACTIVE_REKEY
Any idea about what is happening?
On the other hand at the moment the only way to solve this has been using the command "clear crypto isakmp sa" but the problem is that this command clear all the entries and I lose the connectivity in all the other tunnels until the are established again. Is there any way to clear only the tunnel that has problems?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...