Cisco Support Community

ASA v9 -- IP SLA monitor of remote IP over IPsec VPN

I am trying to work around CSCsx67450 to be able to dynamically add/remove routes of connected IPsec VPN internal networks which are being advertised to the internal LAN. To do this, rather than using reverse route injection, I am trying to use static routes with an SLA ping monitor on the ASA. While I can ping the remote network from the management interface from the console of the ASA, when I configure the SLA monitor to use the management interface I receive the following in the logs:

Oct 20 03:17:40 FRK1sslFW3 : %ASA-6-110003: Routing failed to locate next hop for icmp from NP Identity Ifc:10.216.84.50/0 to Management:10.115.50.1/0

For reference, the management interface on the ASA has the IP 10.216.84.50 and the IP address being monitored by the SLA is 10.115.50.1.

The config has "management-access Management" set on the ASA.

Is it possible using the SLA monitor to monitor a host over an IPsec VPN which is terminated locally on an ASA?

OR

Is anyone aware of a workaround to CSCsx67450 (i.e. advertise only fully connected IPsec VPN networks) which allows bi-directional VPNs, as I believe the workarounds stated only allow "answer-only" VPNs?

Thanks

M