I have 2 ASA5505s configured for a site-to-site tunnel, which is all working great. The link is via cellular modem and goes down frequently. One side spots the loss of connectivity via DPD but the other does not. This means the connection does not come back, because the SAs are not torn down on the side where DPD seems to not be working. Identical configurations, identical firewalls, different behaviour! Can someone give guidance?
I think I found a bug... I had a continuous ping running between 2 laptops on the local area networks. If the ping was running, DPD on the side the ping was sourced from failed to realize the cloud was broken. Without the ping, DPD worked as advertised. No other traffic types seemed to have this effect. This is a reproducible issue...
Where are the Cisco developers when you need them!