Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA based S2S VPN , Tunnel is establishing only when interesting traffic hits at remote end

Dear All,

I need your help to solve the below mentioend problem .

VPN tunnel established between Two ASA device  .   Device A and Device B

1) If Interesting traffic initiates from device A lan . traffic hits ACL . Tunel is not coming up

2) If Interesting traffic initiates from Device B LAN . Tunnel will establish  all serivces works

3) After Tunnel establishmnet from Device B . we forced to tunnel down from both ends  . again Interesting traffic initiates from Device A  surpringly tunnel

will come up .   after 2 or 3 days  ( after life time expire  86400 seconds)  traffic initiated from Device A  , tunnel will not esatblish .

(this is backup link : Intersting will not be there all time .)

verified all parametrs , everthing looks fine . below are the debug logs attached  but no more informative from the logs . kindly suggest .

Feb 02 2010 13:23:17: %ASA-7-713236: IP = 81.145.x.x, IKE_DECODE RESENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + NONE (0) total length : 496

Feb 02 2010 13:23:18: %ASA-6-713219: IP = 81.x.x.x, Queuing KEY-ACQUIRE messages to be processed when P1 SA is complete.

Feb 02 2010 13:23:18: %ASA-6-713219: IP = 81.x.x.x, Queuing KEY-ACQUIRE messages to be processed when P1 SA is complete.

Feb 02 2010 13:23:23: %ASA-6-713219: IP = 81.x.x.x, Queuing KEY-ACQUIRE messages to be processed when P1 SA is complete.

Feb 02 2010 13:23:25: %ASA-7-715065: IP = 81.x.x.x, IKE MM Initiator FSM error history (struct &0x1abb1e10)  <state>, <event>:  MM_DONE, EV_ERROR-->MM_WAIT_MSG2, EV_RETRY-->MM_WAIT_MSG2, EV_TIMEOUT-->MM_WAIT_MSG2, NullEvent-->MM_SND_MSG1, EV_SND_MSG-->MM_SND_MSG1, EV_START_TMR-->MM_SND_MSG1, EV_RESEND_MSG-->MM_WAIT_MSG2, EV_RETRY

Feb 02 2010 13:23:25: %ASA-7-713906: IP = 81.x.x.x, IKE SA MM:56f95c85 terminating:  flags 0x01000022, refcnt 0, tuncnt 0

Feb 02 2010 13:23:25: %ASA-7-713906: IP = 81.x.x.x, sending delete/delete with reason message

Feb 02 2010 13:23:25: %ASA-3-713902: IP = 81.x.x.x, Removing peer from peer table failed, no match!

Feb 02 2010 13:23:25: %ASA-4-713903: IP = 81.x.x.x, Error: Unable to remove PeerTblEntry


Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: ASA based S2S VPN , Tunnel is establishing only when intere

Hi, I have a similar problem long time ago. You can choose who set up the tunnel in your crypto map:

crypto map IPsec_map 1 set connection-type bidirectional

I hope this could help to solve your problem. Regards.

2 REPLIES
New Member

Re: ASA based S2S VPN , Tunnel is establishing only when intere

Hi, I have a similar problem long time ago. You can choose who set up the tunnel in your crypto map:

crypto map IPsec_map 1 set connection-type bidirectional

I hope this could help to solve your problem. Regards.

New Member

Re: ASA based S2S VPN , Tunnel is establishing only when intere

Thanks its working

9414
Views
10
Helpful
2
Replies
CreatePlease login to create content