ASA v9 -- IP SLA monitor of remote IP over IPsec VPN
I am trying to work around CSCsx67450 to be able to dynamically add/remove routes of connected IPsec VPN internal networks which are being advertised to the internal LAN. To do this, rather than using reverse route injection, I am trying to use static routes with an SLA ping monitor on the ASA. While I can ping the remote network from the management interface from the console of the ASA, when I configure the SLA monitor to use the management interface I receive the following in the logs:
Oct 20 03:17:40 FRK1sslFW3 : %ASA-6-110003: Routing failed to locate next hop for icmp from NP Identity Ifc:10.216.84.50/0 to Management:10.115.50.1/0
For reference, the management interface on the ASA has the IP 10.216.84.50 and the IP address trying to be monitored by the SLA is 10.115.50.1.
The config has "management-access Management" set on the ASA.
Is it possible using the SLA monitor to monitor a host over an IPSec VPN which is terminated locally on an ASA?
Is anyone aware of a workaround to CSCsx67450 (i.e. advertise only fully connected IPSec VPN networks) which allows bi-directional VPNs, as I believe the workarounds stated only allow "answer-only" VPNs?