I have a static site to site IPSec VPN configured between ASA and AWS. It is working fine. I have two issues:
1. SLA monitor fails to work. Even though I can ping the AWS interesting IP using the private internal interface of the ASA, the same does not work in the SLA configuration.
sla monitor 1
 type echo protocol ipIcmpEcho 172.27.0.20 interface INSIDE
 frequency 5
sla monitor schedule 1 life forever start-time now
I get these messages logged:
Mar 12 18:35:08 fwc-04p : %ASA-6-110003: Routing failed to locate next hop for icmp from NP Identity Ifc:10.1.253.14/0 to INSIDE:172.27.0.20/0
2. The two public IPs on AWS are configured as primary and backup peers on the ASA. Now, since the interesting traffic is the same, how can both interfaces on AWS ever be up at the same time? Traffic will only go to the first one, and to the second only if the first cannot be reached for some reason. And I keep getting emails from Amazon that the second interface is down.
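A check over the evidence in the first issue, added here as an example and not part of the original post: it parses the SLA probe definition and any %ASA-6-110003 messages, then flags a probe whose pinned egress interface is the very interface the ASA reports no next hop on. The syslog lines are constructed from the shape of the one quoted above; the second line (target 192.0.2.99) is noise to show the correlation filter, and the "NP Identity Ifc" source is how the ASA tags traffic it generates itself.

```python
import re

# Constructed sample input: the post's SLA config in its native multi-line form
# and two 110003 syslog lines in the format quoted in the post (the second is noise).
SLA_CONFIG = """\
sla monitor 1
 type echo protocol ipIcmpEcho 172.27.0.20 interface INSIDE
 frequency 5
sla monitor schedule 1 life forever start-time now
"""

SYSLOG_LINES = [
    "Mar 12 18:35:08 fwc-04p : %ASA-6-110003: Routing failed to locate next hop "
    "for icmp from NP Identity Ifc:10.1.253.14/0 to INSIDE:172.27.0.20/0",
    "Mar 12 18:35:13 fwc-04p : %ASA-6-110003: Routing failed to locate next hop "
    "for icmp from NP Identity Ifc:10.1.253.14/0 to INSIDE:192.0.2.99/0",  # constructed noise
]

# "sla monitor <id>" followed by an icmp-echo probe line with a pinned interface.
SLA_RE = re.compile(
    r"^sla monitor (\d+)\s*\n\s*type echo protocol ipIcmpEcho (\S+) interface (\S+)", re.M)
# Fields of a 110003 message: protocol, source ifc/ip, destination ifc/ip.
LOG_RE = re.compile(
    r"%ASA-\d-110003: Routing failed to locate next hop for (\w+) "
    r"from (.+?):([\d.]+)/\d+ to (\S+?):([\d.]+)/\d+")


def parse_sla_probes(config):
    """Map SLA id -> (target ip, pinned egress interface) for icmp-echo probes."""
    return {int(i): (ip, ifc) for i, ip, ifc in SLA_RE.findall(config)}


def parse_routing_failures(lines):
    """Extract the fields of every %ASA-6-110003 message in the given lines."""
    keys = ("proto", "src_ifc", "src_ip", "dst_ifc", "dst_ip")
    return [dict(zip(keys, m.groups())) for m in map(LOG_RE.search, lines) if m]


def find_misrouted_probes(config, lines):
    """Report self-generated SLA probes that fail routing on their own pinned interface."""
    probes = parse_sla_probes(config)
    return [
        {"sla": sla_id, "target": target, "interface": ifc}
        for ev in parse_routing_failures(lines)
        for sla_id, (target, ifc) in probes.items()
        if ev["src_ifc"] == "NP Identity Ifc"
        and ev["dst_ip"] == target and ev["dst_ifc"] == ifc
    ]


if __name__ == "__main__":
    for f in find_misrouted_probes(SLA_CONFIG, SYSLOG_LINES):
        print(f"sla {f['sla']}: no route to {f['target']} via pinned interface {f['interface']}")
```

The `interface` keyword on a type echo probe pins the egress interface the ASA uses for the probe, so a 110003 naming that same interface shows the probe is never handed to the route that leads to the tunnel.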