Because if traffic is detecting going both directions, that intrinsically confirms the tunnel is up, so no additional verification is necessary. That said, DPD on the ASA is sent only when no active traffic is detected. The bottom message is the oldest, and the top message is the newest. The operation of DPD is described in more detail in RFC 3706.įor what its worth, your log messages are backwards. This informs the original peer that full, two way connectivity between the peers is working just fine. Upon reception of such a message, the other peer will respond with a keep alive acknowledgement (known as " R-U-THERE-ACK"). DPD sends periodic keep alive messages (known as " R-U-THERE" messages) to the opposing peer. These messages are a part of what is known as Dead Peer Detection, or DPD. Group = remoteip, IP = remoteip, Received keep-alive of type DPD R-U-THERE (seq number 0x7056e351) The key lies here: Group = remoteip, IP = remoteip, Sending keep-alive of type DPD R-U-THERE-ACK (seq number 0x7056e351)
What you are seeing is fully expected of an operational Site-Site VPN. I'm getting phase 1 and phase 2 completion on the other ASA 5505. I'm getting this on my ASA, and im' not sure why the remote tunnel won't work.
0 kommentar(er)
