Cisco Support Community
Cisco ASA5585x

We have a 3rd party remotely monitoring our Netscalers via their management interface on IP addresses 172.30.0.51 and 172.30.0.52. This monitoring is done over a site-to-site VPN between our ASA 5585s and their peer device.

Approximately once a week (various days and times) the 3rd party will report that our Netscalers are down because they have not received a ping reply for at least 5 mins. However, the devices are not down and any internal pings to the devices appear OK. A diagram is attached.

Is it possible that our ASAs are causing a delay in the echo reply? Is there any monitoring we can perform on the VPN to check the traffic?


Accepted Solutions
Cisco Employee

You can enable the following on the ASA to see if the tunnel was down at the time of the issue:

1- Get the debugs at the time of the issue:

debug cry isa 128
debug cry ipsec 128

Use a syslog server if possible.

2- Run an IP SLA from the inside of your network to the remote end to ensure that the tunnel is not going down at the time of the issue.

3- The most important thing is to check the logs for the timestamp of the last incident and see what happened there. So the question is: are you using a syslog server?

Moh,
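
An added example, not part of the original thread: one way to do the log check from step 3 once syslog is being collected, by finding periods with no IPsec SA installed and testing them against the outage window the monitoring party reported. It assumes the syslog server prefixes each line with an ISO 8601 timestamp and that the ASA logs messages 602303/602304 (IPsec SA created/deleted); the hostname, addresses, SPIs and log lines are constructed.

```python
import re
from datetime import datetime

# Assumption: "<ISO timestamp> <host> %ASA-6-60230x: ... (SPI= 0x...) ..."
# 602303 = IPsec SA created, 602304 = IPsec SA deleted.
LINE = re.compile(r"^(\S+) \S+ %ASA-6-(60230[34]): .*\(SPI=\s*(0x[0-9A-Fa-f]+)\)")

# Constructed sample log (documentation addresses, hypothetical host asa01).
SAMPLE = """\
2024-03-14T01:00:00 asa01 %ASA-6-602303: IPSEC: An outbound LAN-to-LAN SA (SPI= 0xA1) between 192.0.2.1 and 198.51.100.1 (user= 198.51.100.1) has been created.
2024-03-14T01:58:00 asa01 %ASA-6-602303: IPSEC: An outbound LAN-to-LAN SA (SPI= 0xA2) between 192.0.2.1 and 198.51.100.1 (user= 198.51.100.1) has been created.
2024-03-14T01:58:01 asa01 %ASA-6-602304: IPSEC: An outbound LAN-to-LAN SA (SPI= 0xA1) between 192.0.2.1 and 198.51.100.1 (user= 198.51.100.1) has been deleted.
2024-03-14T02:10:00 asa01 %ASA-6-602304: IPSEC: An outbound LAN-to-LAN SA (SPI= 0xA2) between 192.0.2.1 and 198.51.100.1 (user= 198.51.100.1) has been deleted.
2024-03-14T02:17:30 asa01 %ASA-6-602303: IPSEC: An outbound LAN-to-LAN SA (SPI= 0xA3) between 192.0.2.1 and 198.51.100.1 (user= 198.51.100.1) has been created.
"""

def tunnel_gaps(lines):
    """Return [(start, end)] periods during which no tracked IPsec SA existed.

    SAs are tracked by SPI so a rekey (new SA created before the old one is
    deleted) is not counted as an outage. SAs created before the log starts
    are not known to this function.
    """
    active, gaps, down_since = set(), [], None
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # unrelated syslog message
        ts = datetime.fromisoformat(m.group(1))
        msg_id, spi = m.group(2), m.group(3).lower()
        if msg_id == "602303":
            if not active and down_since is not None:
                gaps.append((down_since, ts))
                down_since = None
            active.add(spi)
        else:
            active.discard(spi)
            if not active and down_since is None:
                down_since = ts
    if down_since is not None:
        gaps.append((down_since, None))  # still down at end of log
    return gaps

def explains_outage(gaps, start, end):
    """True if any SA gap overlaps the reported outage window [start, end]."""
    return any(g0 < end and (g1 is None or g1 > start) for g0, g1 in gaps)

if __name__ == "__main__":
    for g in tunnel_gaps(SAMPLE.splitlines()):
        print("no IPsec SA from", g[0], "to", g[1])
```

If a reported outage does not overlap any gap, the tunnel was up at that time and the delay or loss has to be looked for elsewhere on the path.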
