Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

ASA5505 Site-to-Site VPN & SLA Monitor

Hello All,

I'm kind of newbie on ASA, so please be patient with me.

I have a couple of ASAs 5505 (HQ & Branch) running version 8.2(4).  They are configured with a Site-to-Site VPN over a single WAN link:

# sh crypto isa sa

   Active SA: 1

    Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)

Total IKE SA: 1

1   IKE Peer:

    Type    : L2L             Role    : initiator

    Rekey   : no              State   : MM_ACTIVE

I want to enable sla monitor on one of the devices in order to know the real status of my unique link because the interfaces sometimes don't go down, so I don't have any real statistic of failures. 

I found out several posts with the step-by-step to configure it:

After reading all the articles I have some questions that maybe someone can answer:

    1. All the information is related to dual ISP links failover.  Is there any extra-consideration for my single link scenario?
    2. I already have a static route route outside 1 so I think I have to overwrite it with something like this route outside 1 track 1. Is this correct?
    3. If so, when I overwrite it, will the S2S VPN go down and will it go up automatically?

Thanks to all in advance.

Everyone's tags (6)
Community Member

ASA5505 Site-to-Site VPN & SLA Monitor

Any idea or suggestion?

CreatePlease to create content