OCI Site-To-Site VPN - Both Tunnels Are Not coming UP When Configuring Cisco ASA In Multi Context Mode
(Doc ID 3049065.1)
Last updated on SEPTEMBER 21, 2024
Applies to:
Oracle Cloud Infrastructure Site-to-Site VPN - Version N/A to N/AInformation in this document applies to any platform.
Symptoms
- Cisco Adaptive Security Appliance (ASA) Firewall is configured with two IPSec tunnels to OCI Site to Site VPN.
- Cisco ASA firewall is configured in Multi Context mode.
- IPSec connection is configured with IKEv2.
- Crypto map is configured with multiple (Backup) peer IPs.
In Cisco ASA:
- For OCI IPSec Tunnel Peer 1, both Phase-1 and Phase-2 are UP.
- For OCI IPSec Tunnel Peer 2, only Phase-1 is up and Phase-2 is Down.
In OCI :
- OCI IPSec Tunnel 1 is UP and OCI IPSec Tunnel 2 is Down with Phase-1 negotiation failures in the IPSec logs.
Changes
- Known Cisco Bug ENH: Multiple Peers support for IKEv2 - CSCud22276.
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Symptoms |
Changes |
Cause |
Solution |