ASA VPN Troubleshooting Yesterday, I assisted with troubleshooting ASA VPN issues. A local ASA needed to build a site-to-site (aka L2L) IPSec VPN tunnel to a non-ASA third-party. The tunnel was not coming up. The config all appeared to be there, and the third-party said their config was in place too. It’s time to troubleshoot. …
I needed to build a VPN tunnel from Threat Defence to AWS, which seemed to work fine. Until the VPN had been up for an hour that is…
After an hour, I was getting reports of tunnel traffic dropping out. This happened regularly every hour.
After a few hours of watching debugs and discussions with TAC, the answer presented itself.
So you want to peer with a service provider. Never done it before? Overwhelmed? Don’t know where to start? If this sounds familiar, then this article is for you!
We’re going to have a look at the process of peering with an ISP. We’re not going to look too deeply into the technical details. Rather, we’ll focus more on the process.
A few weeks ago I was working on a customer’s network when I found an OSPF problem. For some reason, an ASA wouldn’t peer with a Nexus switch. To make it a bit weirder, the problem only happened on the default VRF, and only with OSPFv3. On the Nexus side, I could see the ASA neighbour, but it was stuck in INIT. On the ASA side, I couldn’t see the neighbour at all.