I have a new tunnel between two 5505s. The REPSONDER has a STATIC IP and the INITIATOR is DHCP.
Just recently this tunnel dropped and seems to have stopped passing IPSEC. It appears continuously trying to rekey.
The VPN light on the INITIATOR ASA sometimes is steady and then sometimes blinking.
This is at the RESPONDER site:
Result of the command: "show crypto isa sa"
Active SA: 1
Rekey SA: 1 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 2
1 IKE Peer: x.y.z.z
Type : L2L Role : responder
Rekey : yes State : MM_ACTIVE_REKEY
2 IKE Peer: x.y.z.z
Type : L2L Role : responder
Rekey : no State : MM_REKEY_DONE_H2
And then at the INITIATOR end it has: MM_ACTIVE
which comes and goes with the blinking of the VPN LED at the ASA front panel.
When the VPN LED is out it will have THERE ARE NO ISAMP SAS
What is needed to clear this and get IPSEC flowing again? The tunnel seems to be 'bouncing' now.