Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1105
Views
0
Helpful
0
Replies

Monitoring IPSEC Site2site tunnel with SLA MONITOR on ASA

vincent.monnier
Level 1
Level 1

‎10-22-2009 02:49 AM - edited ‎02-21-2020 04:21 PM

I've got site-to-site IPSEC VPN tunnel between two Cisco ASA.

My ASAs have the following LAN configuration :

ASA1 : lan ip address 172.16.1.1

ASA2 : lan ip address 172.16.2.1

From ASA2, I can test the VPN tunnel by using the follogin command :

ping inside 172.16.1.1

I would like to be able to use the SLA monitor feature to ping in to the tunnel too. I try the folowing commands on ASA2 :

sla monitor 2000

type echo protocol ipIcmpEcho 172.16.1.1 interface inside

frequency 60

sla monitor schedule 2000 life forever start-time now

track 1 rtr 2000 reachability

But I've got the following error message in logs :

Routing failed to locate next hop for icmp from NP Identity Ifc:172.16.2.1/0 to inside:172.16.1.1/0

Has anyone try to do some thing like that ?

1 person had this problem
Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents