Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > Site-2-Site Tunnel drops problem.

Reply
Thread Tools

Site-2-Site Tunnel drops problem.

 
 
TimParker
Guest
Posts: n/a
 
      04-21-2009
Hello All.

I have my Cisco ASA 5505 in our main office with a a site-2-site to
one of our remote offices with a Cisco 871 Router on the other end.
Everything works great, but.....

If the tunnel drops due to a time out over the weekend when no one is
using it, which is fine. The remote office when they attempt to
connect on Monday morning it won't bring the tunnel back on line, but
if I just ping a device in the remote office from our Main HQ it comes
right back up and everything is great.

I thought that if the tunnel dropped either side should be able to
bring it back online? I am guessing I have something configured wrong?
There currently isn't a DC in the remote location, they log on locally
to their machines and then Remote Desktop into the Main Office. It
will have a DC eventually, but licensing/timing are causing some
problems with completing that.

Thoughts?

TIA.

Tim
 
Reply With Quote
 
 
 
 
bod43
Guest
Posts: n/a
 
      04-21-2009
On 21 Apr, 15:04, TimParker <(E-Mail Removed)> wrote:
> Hello All.
>
> I have my Cisco ASA 5505 in our main office with a a site-2-site to
> one of our remote offices with a Cisco 871 Router on the other end.
> Everything works great, but.....
>
> If the tunnel drops due to a time out over the weekend when no one is
> using it, which is fine. The remote office when they attempt to
> connect on Monday morning it won't bring the tunnel back on line, but
> if I just ping a device in the remote office from our Main HQ it comes
> right back up and everything is great.
>
> I thought that if the tunnel dropped either side should be able to
> bring it back online? I am guessing I have something configured wrong?
> There currently isn't a DC in the remote location, they log on locally
> to their machines and then Remote Desktop into the Main Office. It
> will have a DC eventually, but licensing/timing are causing some
> problems with completing that.
>
> Thoughts?



If the IPSEC is being NATted perhaps the NAT needs
traffic in one specific direction to get itself going.

Or the same with some kind of firewall inspection.

I have seen your symptoms in cases where neither applied.
Did not happen often and never did figure it out.

I am pretty sure that one time I resorted to setting up
a ping (or maybe NTP just to work around the problem.

 
Reply With Quote
 
 
 
 
alexd
Guest
Posts: n/a
 
      04-21-2009
bod43 wrote:

> I am pretty sure that one time I resorted to setting up
> a ping (or maybe NTP just to work around the problem.


The OP could use an 'ip sla ...' to make sure there's always interesting
traffic going on.

--
<http://ale.cx/> (AIM:troffasky) ((E-Mail Removed))
20:54:00 up 137 days, 22:04, 3 users, load average: 0.02, 0.04, 0.00
My god, said I, with my one liquid eye, am I dreaming, or am I insane?

 
Reply With Quote
 
TimParker
Guest
Posts: n/a
 
      04-21-2009
Had a different ticket open with Cisco and got them to open a
different one to take a quick look at this and apparently I had PFS on
one side but not the other. Will be testing further in the
morning.....


On Apr 21, 3:54*pm, alexd <(E-Mail Removed)> wrote:
> bod43 wrote:
> > I am pretty sure that one time I resorted to setting up
> > a ping (or maybe NTP just to work around the problem.

>
> The OP could use an 'ip sla ...' to make sure there's always interesting
> traffic going on.
>
> --
> *<http://ale.cx/> (AIM:troffasky) ((E-Mail Removed))
> *20:54:00 up 137 days, 22:04, *3 users, *load average: 0.02, 0.04, 0.00
> *My god, said I, with my one liquid eye, am I dreaming, or am I insane?


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
ASA: L2L VPN tunnel Drops Every 24 hours ankitm Cisco 0 04-26-2009 09:07 PM
Wireless Connection Drops, then connects, drops... garywi Wireless Networking 1 02-12-2009 02:26 PM
VPN tunnel drops fragments profile0104 Cisco 2 11-22-2006 06:25 PM
Split Tunnel Blocks http through tunnel but passes http around tunnel a.nonny mouse Cisco 2 09-19-2004 12:10 AM
EzVPN IOS Client with VPN3k - Tunnel Drops Matthew Melbourne Cisco 0 04-28-2004 07:09 PM



Advertisments