Cisco Support Community

Why VPN just work fine after system reload?

Hello

I spent a week troubleshooting an IPsec site-to-site VPN with a partner that uses a Linux VPN server (freeswan probably), where phase 1 and 2 were OK but the traffic between the protected networks didn't flow; there were no ACLs and no other restrictions. As a result of packet tracer I got all OK and UP.

A crash occurred when I tried to disable the isakmp policy on the outside interface, and then I got a system reload. After that the VPN works fine with the same configuration that I had before the restart.

My question is: why does the VPN only work after a reload? Was this problem already reported, or is it a bug?

Software version is 8.2(1)

Regards,

Vinicius Kopelke

4 REPLIES

anyone?


Hi Vinicius,

This might be a bug. But have you tried clearing the isakmp and ipsec SAs before you tried restarting the firewall? Also, you can go to the next best IOS code, which works just fine with the VPN and other features: 8.2(5)26.

If you have tried those steps already, then it should be some other problem; even your memory may cause such problems.

Please do rate for the helpful posts.

By

Karthik


Sometimes, to get a new VPN config to work, the crypto map has to be removed from the interface and then reapplied (in my opinion that's a bug, others could say it's an unexpected feature ... ). With your reload of the ASA, the crypto map was applied to the interface on startup, and when the config is fine, everything works.

If I remember right, the v8.2(1) was not one of my favorite versions. On ASAs that can't be upgraded to newer versions because of the memory-requirements I feel quite comfortable with 8.2(5), but others didn't have that much luck with that release.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni




Hello Vinicius,

Looks like you are hitting this bug: CSCtd36473

An ASA running 8.2.1 not encrypting traffic: Phase 1 and 2 do get established, but on one side of the tunnel we cannot encapsulate and encrypt the data, which is why the VPN does not work.

A reload will fix the issue, but only for a moment; after a while you will have the issue, so my recommendation is to upgrade.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
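
The symptom described in the reply above (phase 1 and 2 established, but one side never encapsulates) is visible in the per-SA packet counters. As an added example that is not part of the thread, this Python check reads `show crypto ipsec sa` output and flags SAs that decrypt inbound traffic but have encapsulated nothing; the sample output, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample in the layout of ASA "show crypto ipsec sa" output
# (documentation addresses; not taken from the thread).
SAMPLE = """\
interface: outside
    Crypto map tag: outside_map, seq num: 10, local addr: 203.0.113.1

      local ident (addr/mask/prot/port): (10.1.0.0/255.255.255.0/0/0)
      remote ident (addr/mask/prot/port): (10.2.0.0/255.255.255.0/0/0)
      current_peer: 198.51.100.2

      #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
      #pkts decaps: 154, #pkts decrypt: 154, #pkts verify: 154

    Crypto map tag: outside_map, seq num: 20, local addr: 203.0.113.1

      local ident (addr/mask/prot/port): (10.1.0.0/255.255.255.0/0/0)
      remote ident (addr/mask/prot/port): (10.3.0.0/255.255.255.0/0/0)
      current_peer: 198.51.100.9

      #pkts encaps: 87, #pkts encrypt: 87, #pkts digest: 87
      #pkts decaps: 90, #pkts decrypt: 90, #pkts verify: 90
"""

IDENT = re.compile(r"(local|remote) ident \(addr/mask/prot/port\): \(([^)]+)\)")
PEER = re.compile(r"current_peer:\s*(\S+)")
COUNT = re.compile(r"#pkts (encaps|decaps):\s*(\d+)")

def parse_sas(text):
    """Split the output into one dict per SA (each starts at 'Crypto map tag')."""
    sas = []
    for block in re.split(r"(?m)^\s*Crypto map tag:", text)[1:]:
        sa = {side: ident for side, ident in IDENT.findall(block)}
        peer = PEER.search(block)
        sa["peer"] = peer.group(1).rstrip(",") if peer else None
        sa.update({name: int(n) for name, n in COUNT.findall(block)})
        sas.append(sa)
    return sas

def one_way_sas(sas):
    """SAs that receive and decrypt traffic but never encapsulate any."""
    return [sa for sa in sas
            if sa.get("encaps", 0) == 0 and sa.get("decaps", 0) > 0]

if __name__ == "__main__":
    for sa in one_way_sas(parse_sas(SAMPLE)):
        print(f"peer {sa['peer']}: {sa['local']} -> {sa['remote']} "
              f"encaps=0 decaps={sa['decaps']}")
```

An SA that is flagged while hosts behind the ASA are actively sending to the remote network matches the one-sided behaviour described; an idle tunnel with no outbound traffic would also show zero encaps, so generate test traffic before reading the counters.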