Every morning, SiteB's LAN can connect to all except 1 LAN (called as server_LAN) on the SiteA. ('sh crypto isakmp sa' shows the tunnel is build but 'sh crypto ipsec sa' shows no traffic for that server_LAN).
Now, if I start a ping from that server_LAN to SiteB's LAN, I can see the traffic going through and it shows up on 'sh crypto ipsec sa'. After that, traffic can flow from server_LAN to SiteB's LAN for the rest of day until the next morning when we have to ping from SiteA's server_LAN to SiteB again. I thought IPSec tunnel can start on either end.
The ACLs is identically reserved on both ends. Any idea what might be the problem?
Make sure that the ISAKMP and IPSEC lifetimes are identical. If they are not, only the one with smaller filetime can initiate the connection. As well, the crypto ACL must be mirror-identical. Make sure you have NAT 0 between the VPN LANs.
If doesn't work and you have routers below the devices, create a GRE/IPSEC. The GRE keepalives will keep the tunnel up.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...