
TRACK through IPSEC on ASA-Router

Hi

I have established a successful site-to-site VPN tunnel between a Cisco ASA 5505 and a 2821 IPsec router.

I have no problem pinging the inside address of either unit from the other.

I would like to be able to use the SLA monitor feature to ping via the tunnel, as:

I would like to have a static routing table entry active (and thus advertised via EIGRP) based on tracking of the SLA (i.e. present only when the tunnel is actually up).

I have successfully used the SLA tracking feature on non-tunneled WAN to WAN IP addresses, but my tracking through the VPN doesn’t work.

SLA 1 is inside to inside

SLA 2 is outside to outside

sla monitor 1
 type echo protocol ipIcmpEcho 192.168.5.2 interface inside
 timeout 1000
 threshold 2
 frequency 3
sla monitor schedule 1 life forever start-time now
sla monitor 2
 type echo protocol ipIcmpEcho A.B.C.D interface outside
 timeout 1000
 threshold 2
 frequency 3
sla monitor schedule 2 life forever start-time now
track 1 rtr 1 reachability
track 2 rtr 2 reachability

# show track
Track 1
  Response Time Reporter 1 reachability
  Reachability is Down
Track 2
  Response Time Reporter 2 reachability
  Reachability is Up

As can be seen, track one is OK, but track 2 is not.

It seems odd because ping through the VPN is working:

# ping inside 192.168.5.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.5.2, timeout is 2 seconds:
!!!!!

In the following example 192.168.5.2 is the inside IP of the destination side, and A.B.C.D is the outside of destination.

Any idea?
