Ignore site-to-site tunnel errors for ASA tunnels

Updated: September 13, 2017

Overview

When a monitored ASA device reports an error for a pair of source-target endpoints, the VPN Site-to-Site tunnel is marked as Down in the Orion Web Console. You can specify a list of errors that are not reflected in the tunnel's status.

Environment

  • NPM 12.2 and later

Resolution

  1. Log in to the Orion Web Console, and go to Advanced Configuration by entering the following address in your browser:

    <ip address of your orion:port>/Orion/Admin/AdvancedConfiguration/global.aspx

  2. Enter the error codes for phase 1 errors you want to ignore into the ASA.ASAIgnoredPhaseOneErrors field.
    Error code (IKE)    Description
    1                   other
    2                   peer delete request was received
    3                   contact with peer was lost
    4                   local failure occurred
    5                   authentication failure
    6                   hash validation failure
    7                   encryption failure
    8                   internal error occurred
    9                   system capacity failure
    10                  proposal failure
    11                  peer's certificate is unavailable
    12                  peer's certificate was found invalid
    13                  local certificate expired
    14                  certificate revoke list (crl) failure
    15                  peer encoding error
    16                  non-existent security association
    17                  operator requested termination
  3. Enter the error codes for phase 2 errors you want to ignore into the ASA.ASAIgnoredPhaseTwoErrors field.
    Error code (IPSec)  Description
    1                   other
    2                   internal error occurred
    3                   peer encoding error
    4                   proposal failure
    5                   protocol use failure
    6                   non-existent security association
    7                   decryption failure
    8                   encryption failure
    9                   inbound authentication failure
    10                  outbound authentication failure
    11                  compression failure
    12                  system capacity failure
    13                  peer delete request was received
    14                  contact with peer was lost
    15                  sequence number rolled over
    16                  operator requested termination
  4. Save the Advanced Configuration settings.

When the monitored ASAs report phase 1 and phase 2 errors specified in the Advanced Configuration, the ASAs do not display as down in the Orion Web Console. The specified errors are ignored.
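
A pre-change check for the lists entered in steps 2 and 3, as an added example that is not SolarWinds code: it validates each code against the tables above and flags codes whose description names an authentication, certificate, hash validation, encryption or decryption failure, because once ignored those failures no longer affect the tunnel status. The comma-separated input format, the function name `review_ignore_list` and the keyword list are assumptions of this example.

```python
# Added example (not vendor code). Descriptions are copied from the tables on
# this page; list index + 1 is the error code.
PHASE_ONE = [  # IKE, codes 1-17
    "other", "peer delete request was received", "contact with peer was lost",
    "local failure occurred", "authentication failure", "hash validation failure",
    "encryption failure", "internal error occurred", "system capacity failure",
    "proposal failure", "peer's certificate is unavailable",
    "peer's certificate was found invalid", "local certificate expired",
    "certificate revoke list (crl) failure", "peer encoding error",
    "non-existent security association", "operator requested termination",
]
PHASE_TWO = [  # IPSec, codes 1-16
    "other", "internal error occurred", "peer encoding error", "proposal failure",
    "protocol use failure", "non-existent security association",
    "decryption failure", "encryption failure", "inbound authentication failure",
    "outbound authentication failure", "compression failure",
    "system capacity failure", "peer delete request was received",
    "contact with peer was lost", "sequence number rolled over",
    "operator requested termination",
]
# Assumption of this example: these keywords mark failures worth keeping visible.
SENSITIVE = ("authentication", "certificate", "hash validation",
             "encryption", "decryption")

def review_ignore_list(phase, codes):
    """Validate a comma-separated code list (assumed format) for phase 1 or 2."""
    table = {1: PHASE_ONE, 2: PHASE_TWO}[phase]
    report = {"ignored": {}, "invalid": [], "needs_review": {}}
    for token in (t.strip() for t in codes.split(",")):
        if not token:
            continue
        is_number = token.isascii() and token.isdigit()
        if not is_number or not 1 <= int(token) <= len(table):
            report["invalid"].append(token)  # not a code in this phase's table
            continue
        code = int(token)
        report["ignored"][code] = table[code - 1]
        if any(word in table[code - 1] for word in SENSITIVE):
            report["needs_review"][code] = table[code - 1]
    return report

if __name__ == "__main__":
    # Constructed sample inputs, not values recommended by the page.
    print(review_ignore_list(1, "2, 3, 5, 17, 18"))
    print(review_ignore_list(2, "13, 14, 9"))
```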

 

Last modified
02:24, 13 Sep 2017
