Site-2-Site Tunnel drops problem.

Hello All.

I have my Cisco ASA 5505 in our main office with a site-2-site to one of our remote offices with a Cisco 871 Router on the other end. Everything works great, but.....

The tunnel drops due to a timeout over the weekend when no one is using it, which is fine. When the remote office attempts to connect on Monday morning, it won't bring the tunnel back online, but if I just ping a device in the remote office from our Main HQ it comes right back up and everything is great.

I thought that if the tunnel dropped either side should be able to bring it back online? I am guessing I have something configured wrong? There currently isn't a DC in the remote location, they log on locally to their machines and then Remote Desktop into the Main Office. It will have a DC eventually, but licensing/timing are causing some problems with completing that.

Thoughts?

TIA.

Tim

TimParker

If the IPSEC is being NATted perhaps the NAT needs traffic in one specific direction to get itself going.

Or the same with some kind of firewall inspection.

I have seen your symptoms in cases where neither applied. Did not happen often and never did figure it out.

I am pretty sure that one time I resorted to setting up a ping (or maybe NTP:) just to work around the problem.

bod43

The OP could use an 'ip sla ...' to make sure there's always interesting traffic going on.

alexd

Had a different ticket open with Cisco and got them to open a different one to take a quick look at this and apparently I had PFS on one side but not the other. Will be testing further in the morning.....

TimParker
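
One way to check both ends for the PFS mismatch described in the last post, as an added example that is not part of the thread: the script reads the crypto map entries from an ASA-style and an IOS-style configuration and reports whether the two ends of the tunnel agree on PFS. The configurations, addresses, map names and function names are constructed for illustration.

```python
import re

# Constructed sample configurations (documentation addresses, not from the thread).
ASA_CFG = """\
crypto map outside_map 20 match address outside_20_cryptomap
crypto map outside_map 20 set peer 203.0.113.2
crypto map outside_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 20 set pfs group2
crypto map outside_map interface outside
"""
IOS_CFG = """\
crypto map VPN 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set ESP-3DES-SHA
 match address 110
!
interface FastEthernet4
 crypto map VPN
"""
ENTRY = re.compile(r"^crypto map (\S+) (\d+) (.*)$")

def pfs_by_peer(config):
    """Map each crypto map peer to its PFS group (None when PFS is not set)."""
    entries, current = {}, None
    for raw in config.splitlines():
        m = ENTRY.match(raw)
        if m:                                   # ASA one-line form or IOS entry header
            current, rest = (m.group(1), m.group(2)), m.group(3)
        elif raw.startswith(" ") and current:   # IOS sub-command of the open entry
            rest = raw.strip()
        else:                                   # any other line closes the entry
            current = None
            continue
        entry = entries.setdefault(current, {"peers": [], "pfs": None})
        words = rest.split()
        if words[:2] == ["set", "peer"]:
            entry["peers"] += words[2:]
        elif words[:2] == ["set", "pfs"]:
            entry["pfs"] = words[2] if len(words) > 2 else "default"
    return {p: e["pfs"] for e in entries.values() for p in e["peers"]}

def pfs_mismatch(cfg_a, peer_of_a, cfg_b, peer_of_b):
    """Return (mismatch, pfs_a, pfs_b); KeyError if a side has no entry for the peer."""
    a = pfs_by_peer(cfg_a)[peer_of_a]
    b = pfs_by_peer(cfg_b)[peer_of_b]
    return a != b, a, b

if __name__ == "__main__":
    bad, asa_pfs, ios_pfs = pfs_mismatch(ASA_CFG, "203.0.113.2", IOS_CFG, "198.51.100.1")
    print(f"ASA pfs={asa_pfs}  IOS pfs={ios_pfs}  mismatch={bad}")
```

Run against the saved running configuration of each device, passing each side the public address it uses for the other end.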
