06-19-2007 09:16 PM - edited 03-09-2019 06:13 PM
Is there any way to initiate phase 2 without sending data from an inside workstation?
Once the tunnels are up they are good to go unless they drop for an unforeseen reason or if the SAs reset. The problem is that there isn't much traffic sourcing at the remote site to bring the tunnels back up if they drop; however, the hub site needs to be able to reach out and touch the remote sites.
Remote sites are configured with a static crypto map set to originate-only and have two peers defined. The hub site is using a dynamic crypto map.
Thanks for any tips.
06-20-2007 04:40 AM
A way around this is to have a machine on the remote end or the remote PIX itself use a local syslog server, NTP server, etc. This traffic would bring up the tunnel without user intervention.
06-20-2007 06:03 AM
Very cool...thanks for confirming that. I actually just thought of that 5 minutes ago while making breakfast.
I'm going to run a couple tests and will be back to rate.
Thanks!
06-20-2007 06:09 AM
Great minds think alike. If you want the source to be the PIX on the remote end, you need to include this traffic in your crypto ACLs. Let me know how it goes.
06-20-2007 09:01 AM
Works Great! Thanks!
I configured the remote ASA with a non-existent NTP server using an IP at the hub site and sourced it from the inside interface.
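The setup this thread arrives at, as an added configuration sketch for the remote ASA (not posted by either participant). All names and addresses are constructed placeholders, and the transform set and tunnel-group are assumed to be configured already.

```cisco
! Remote-site ASA. Constructed example values:
!   inside network 10.20.0.0/24 (ASA inside interface 10.20.0.1)
!   hub network    10.10.0.0/24
!   hub peers      192.0.2.1 and 192.0.2.2

! Crypto ACL. It must cover the ASA's own inside address as a source,
! otherwise the NTP polls below are not matched and never trigger the tunnel.
access-list VPN-TO-HUB extended permit ip 10.20.0.0 255.255.255.0 10.10.0.0 255.255.255.0

! Static crypto map, originate-only with two peers, as in the question.
crypto map OUTSIDE-MAP 10 match address VPN-TO-HUB
crypto map OUTSIDE-MAP 10 set peer 192.0.2.1 192.0.2.2
crypto map OUTSIDE-MAP 10 set connection-type originate-only
crypto map OUTSIDE-MAP interface outside

! NTP server entry pointing at a hub-site address, sourced from the
! inside interface so the packets fall inside VPN-TO-HUB. The periodic
! polls re-initiate phase 2 whenever the SAs are down.
ntp server 10.10.0.123 source inside
```

With an address where nothing answers, the polls keep the tunnel up but the ASA clock is never synchronized. Pointing the same line at a reachable NTP server at the hub gives both the keepalive traffic and accurate timestamps for logs.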