Firewall Wizards mailing list archives
Re: Cisco ASA IKE Initiator unable to find policy
From: "Darden, Patrick S." <darden () armc org>
Date: Wed, 26 Nov 2008 09:17:45 -0500
Unless someone has a better idea, I'd have it renegotiate every X hours (x<="time it takes to zombie"). You could set it to renegotiate at 2am or whatever time is least busy.

Best idea? Place a call in with Cisco TAC.

--p

-----Original Message-----
From: firewall-wizards-bounces () listserv icsalabs com [mailto:firewall-wizards-bounces () listserv icsalabs com] On Behalf Of Jens Brey
Sent: Wednesday, November 12, 2008 1:05 PM
To: Firewall Wizards Security Mailing List
Subject: [fw-wiz] Cisco ASA IKE Initiator unable to find policy

Dear all,

I have the following problem. I have an ASA 5520 running 8.0.4. After some time, I see the following problem. Some of the Site-to-Site VPN tunnels terminated on the device don't pass any traffic anymore, but the VPN tunnel itself is still up. It looks like the cryptomap loses the assignment to the ACL policy, and so I see the following messages in the Cisco log:

"IKE Initiator unable to find policy"

I saw this behaviour also under 8.0.3.

Does somebody have an idea?

Regards,
Jens

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards