ASA to MX VPN stops negotiating a single subnet

Nick_C
Conversationalist

ASA to MX VPN stops negotiating a single subnet

Hello,

 

Ive been experiencing some strange intermittent issues with multiple clients I manage. every once in a while they will not negotiate a single phase 2 for the VPN. I can resolve this by forcing a re-negotiation. from everything I can see, there is no reason for only one phase 2 to not negotiate. the Meraki side says the VPN is up, but the ASA side tells me which phase 2s are active, and when I try to send pings it does not negotiate the phase 2 to bring it up.

 

has anyone dealt with this before? if so were you able to resolve it?

2 Replies 2
KarstenI
Kind of a big deal
Kind of a big deal

Yes, had this and similar problems a couple of times. Nearly all were resolved by updating the ASA to a more recent or at least suggested release.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
Nick_C
Conversationalist

I actually did that recently as the issue started with the phase 2 being up, but not passing traffic. at this point at least its not saying the phase2 is up, it just wont negotiate it. I upgraded the ASA's to version 9.8(4)20.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels