Thursday, October 31, 2019

Site-to-Site VPN tunnels dying, ASA 5506-X

We have site-to-site VPN tunnels between remote offices and a datacenter where our SNMP server is. The VPN tunnel is for management traffic. The remote sites have newly installed ASA 5506-Xs on the outside doing the routing and firewalls, and the data center is using a Cisco 1921 router. We've seen issues at all remote sites with these ASAs where the VPN tunnels die after a day or two and we have to reload the ASAs to get them up again. The IP SLA pings don't seem to be working on the ASA, so we configured them on the core switches and they are working, but we still see outages on the VPN tunnels semi-frequently. Has anyone else experienced these issues, or does anyone have recommendations for troubleshooting?

TAC has told me that the IP SLAs are working as expected on the ASAs and that the IP SLA needs to be configured on the inside of your network because the ASA will always use the closest interface to the outside instead of an inside mgmt interface IP. But this still doesn't answer the issue of the mgmt VPN tunnels dying out so often.


