I spent a week troubleshooting an ipsec site-to-site VPN with a partner that uses Linux VPN server (freeswan probably), where phase 1 and 2 were OK but the traffic between protected networks didn't flow, no ACLs and no other restrictions. As result of packet tracer I got all OK and UP.
A crash occured when I tryed to disable isakmp police in outside interface, then I got a system reload. After that the VPN works fine with the same configuration that I had before restart.
My question is....why vpn just work after reload? Was this problem already reported, or is that a bug?
This might be an bug. But have you tried clearing the isakmp and ipsec sa's before you tried restarting the firewall. Also you can go to the next best IOS code which works just fine with the VPN and other features 8.2(5)26.
If you have tried those steps already then it should be someother problem even your memory may cause such problems.
Sometimes for getting a new VPN-config to work, the crypto-map has to be removed from the interface and then be reapplied (im my oppinion that's a bug, others could say it's an unexpected feature ... ). With your reload of the ASA the crypto map was applied to the interface on startup and when the config is fine, everything works.
If I remember right, the v8.2(1) was not one of my favorite versions. On ASAs that can't be upgraded to newer versions because of the memory-requirements I feel quite comfortable with 8.2(5), but others didn't have that much luck with that release.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :