Categories
Welcome Center
Education & Development
Discussions
Certification Preparation
Recent Posts
Groups
Free Resources
Ebooks
Free Workshops
Trending Certifications Infographic
Infosec Training
IT & Security Training
Live Boot Camps
Security Awareness Training
About Infosec Institute
Home
Certification Preparation
Cisco
CCNP (Professional)
ASAs and crypto expiration
SteveThing
Hello,
This isn't a lab problem, but a real-world issue. I've got three ASA 5520s where one is the central peer (Hub) and the other two are my distant ends (Spokes). About once every 6-7 months the Hub and spokes will encounter an issue where they all rekey at the exact same time and get stuck in an MM_WAIT_MSG state until a clear crypto isakmp sa is applied on both ends. This is a problem since the spoke (distant end) is unreachable because it is stuck waiting on a rekey completion from the hub ASA.
Why does this happen and why hasn't Cisco addressed the issue with a timeout? Also, how can I go about resolving the issue?
Find more posts tagged with
Save $250 on 2025 certification boot camps from Infosec!
Book now with code EOY2025
Button
Comments
burbankmarc
What ASA software are you running?
SteveThing
I'm not near the devices at the moment, but I believe it is 8.2.4 K8. Whichever is the more current FIPS approved IOS.
Quick Links
All Categories
Recent Posts
Activity
Unanswered
Groups
Best Of
INFOSEC Boot Camps
$250
OFF
Use code
EOY2025
to receive $250 off your 2025 certification boot camp!
BROWSE BOOT CAMPS
