Cisco 800 ISR at 2 branch locations (let's call them site A and B)
One location has no VPN problems (site A), the other (site B) gets the tunnel up after both sites initiate traffic (e.g. ping). If no traffic travels through the tunnel and the VPN times out, the connection is dropped. If I ping from the central site, Phase 1 and 2 are both ok. TX counters increase but no reply from the other side. The only difference is that the router at site A is behind a NAT device and site B is connected directly to the internet.
The ASA is a replacement for an Astaro Firewall which had no problems with the s2s VPN to both sites. I'm a bit puzzled at the moment because I've been through all the settings and everything seems ok. The tunnel works but only after a manual action at both sites.
I will add configs later but I doubt there's something in it which is missing.
Thanks in advance if you have any thoughts on this.
P.S. the ASA hasn't had a reboot since it was brought up and running, maybe........
The ISR didn't have Keepalive configured so I added them there. Now the strange thing is: if I disconnect the tunnel, it is immediately up again and, without any manual intervention at both sides, packets flow through the tunnel (that was yesterday). Today, the old situation again...... :-( At the ASA, tx is counting upwards, rx is still at zero.