Cisco Support Community
New Member

L2L tunnel appears up...

Just one of those situations I'm wondering if anyone has encountered and found out why it was happening, as I'm no longer able to debug this.

I have an L2L tunnel from my 5540 to a SonicWall 5500, which always negotiated and came up.  On my end (5540) I was allowing the remote network of 192.168.248.0/24.  As it turns out, on the remote end the SonicWall, configured by someone else, had the VPN policy for local networks set to "Local Subnets."  Local Subnets included the 192.168.248.0/24 subnet, but also included their 10.0.0.0/16 network.

As I said, the tunnel always came up manually, but the IPsec lifetime was set to 8 hours.  Well, after 8 hours no more traffic would pass, as if the tunnel was down, but on my ASA it always showed as up.  It wasn't until it was manually renegotiated that traffic would start passing again.

This was live production, so when I found out what was set on the remote end, I had them set local networks to only their 192 subnet.  Problem solved!

What I'm wondering (and speculation is completely fine) is: our "network list" didn't match, but the tunnel came up, and apparently only on renegotiation was there a problem... anyone know why?
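The mismatch described in the post is a proxy-ID (traffic selector) mismatch: Cisco's requirement for an L2L tunnel is that the crypto ACL on each peer be the mirror image of the other's, and a SonicWall policy whose local networks are a list produces one Phase 2 selector pair per local/remote combination. The script below is an added example, not code from the thread, from Cisco or from SonicWall. It enumerates the selector pairs each side could propose and reports the pairs the other side has no mirror-image entry for. The ASA's own LAN is never named in the post, so 10.20.0.0/24 is an assumed placeholder; the rest of the addresses are the ones the poster gives. It does not claim to explain the 8-hour rekey symptom; it only shows which proposals one side can make that the other cannot match.

```python
import ipaddress
from itertools import product

# Constructed selectors matching the post. The ASA's own LAN is never named
# in the thread, so 10.20.0.0/24 is an assumed placeholder.
ASA_LOCAL = ["10.20.0.0/24"]
ASA_REMOTE = ["192.168.248.0/24"]            # the one remote network the ASA allowed

SONICWALL_LOCAL = ["192.168.248.0/24", "10.0.0.0/16"]   # "Local Subnets" as found
SONICWALL_REMOTE = ["10.20.0.0/24"]
SONICWALL_LOCAL_FIXED = ["192.168.248.0/24"]           # after the remote admin's change


def selector_pairs(local_nets, remote_nets):
    """Every (local, remote) proxy-ID pair a peer could propose in IKEv1 Quick Mode.

    A list of local networks becomes one Phase 2 proposal per local/remote
    combination, so the full cross product is enumerated.
    """
    return {
        (ipaddress.ip_network(loc), ipaddress.ip_network(rem))
        for loc, rem in product(local_nets, remote_nets)
    }


def unmirrored_pairs(init_local, init_remote, resp_local, resp_remote):
    """Pairs the initiator could propose that the responder has no mirror-image entry for.

    Mirror image means the initiator's (local, remote) appears on the responder
    as (remote, local). Whatever is left over is a selector the responder cannot
    match against its own crypto ACL / VPN policy. Exact match is checked, which
    is the configuration Cisco documents for L2L crypto ACLs.
    """
    proposals = selector_pairs(init_local, init_remote)
    responder_mirror = {(rem, loc) for loc, rem in selector_pairs(resp_local, resp_remote)}
    return sorted((str(loc), str(rem)) for loc, rem in proposals - responder_mirror)


def audit(a_local, a_remote, b_local, b_remote):
    """Check both directions, since either peer may initiate the tunnel or a rekey."""
    return {
        "a_proposes_unmatched_on_b": unmirrored_pairs(a_local, a_remote, b_local, b_remote),
        "b_proposes_unmatched_on_a": unmirrored_pairs(b_local, b_remote, a_local, a_remote),
    }


if __name__ == "__main__":
    before = audit(ASA_LOCAL, ASA_REMOTE, SONICWALL_LOCAL, SONICWALL_REMOTE)
    after = audit(ASA_LOCAL, ASA_REMOTE, SONICWALL_LOCAL_FIXED, SONICWALL_REMOTE)
    print("before fix:", before)
    print("after fix: ", after)
```

Run as-is, the ASA-as-initiator direction comes back empty (every pair the ASA can propose has a mirror on the SonicWall), while the SonicWall-as-initiator direction reports the 10.0.0.0/16 to 10.20.0.0/24 pair, which the ASA crypto ACL never allowed; with the SonicWall's local list trimmed to 192.168.248.0/24, both directions are empty. On a live ASA the same comparison can be made by hand against the "local ident" and "remote ident" lines of `show crypto ipsec sa` for the peer.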

1 REPLY
New Member

Since this is now resolved without question, I'm just going to figure that creating the tunnel with a somewhat mismatched network list worked, but rekeys didn't like it.
