Re: [fw-wiz] Cisco ASA IKE Initiator unable to find policy
- From: "Darden, Patrick S." <darden@xxxxxxxx>
- Date: Wed, 26 Nov 2008 09:17:45 -0500
Unless someone has a better idea, I'd have it renegotiate every X hours (x<="time it takes to zombie"). You could set it to renegotiate at 2am or whatever time is least busy.
Best idea? Place a call in with Cisco TAC.
--p
-----Original Message-----
From: firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxx
[mailto:firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Jens Brey
Sent: Wednesday, November 12, 2008 1:05 PM
To: Firewall Wizards Security Mailing List
Subject: [fw-wiz] Cisco ASA IKE Initiator unable to find policy
Dear all,
I have the following problem. I have an ASA 5520 running 8.0.4. After
some time, I see the following problem. Some of the Site-to-Site VPN
tunnels terminated on the device don't pass any traffic anymore, but
the VPN tunnel itself is still up.
It looks like the cryptomap loses the assignment to the ACL policy and
so I see the following messages in the Cisco log:
"IKE Initiator unable to find policy"
I saw this behaviour also under 8.0.3.
Does somebody have an idea?
Regards,
Jens
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards