Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

TRACK through IPSEC on ASA-Router


I have established a successful site-to-site VPN tunnel between Cisco ASA 5505 and 2821 IPSecRouter.

I have no problem pinging the inside address of either unit from the other.

I would like to be able to use the SLA monitor feature to ping via the tunnel, as:

I would      like to have a static routing table entry active (and thus advertised via EIGRP)      based on tracking of the SLA (i.e.      present only when the tunnel is actually up).

Having successfully used the SLA tracking feature on non-tunneled WAN to WAN IP addresses, but my tracking through VPN doesn’t work.

SLA 1 is inside to inside

SLA 2 is outside to outside

sla monitor 1

type echo protocol ipIcmpEcho interface inside

timeout 1000

threshold 2

frequency 3

sla monitor schedule 1 life forever start-time now

sla monitor 2

type echo protocol ipIcmpEcho A.B.C.D interface outside

timeout 1000

threshold 2

frequency 3

sla monitor schedule 2 life forever start-time now

track 1 rtr 1 reachability

track 2 rtr 2 reachability

# show track

Track 1

  Response Time Reporter 1 reachability

  Reachability is Down

Track 2

  Response Time Reporter 2 reachability

  Reachability is Up

As it can be seen track one is OK, but track 2 is not.

It seems to be odd because ping through VPN is working:

# ping inside

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to, timeout is 2 seconds:


In the following example is the inside IP of the destination side, and A.B.C.D is the outside of destination.

Any Idea

CreatePlease to create content