ASA 5520 SSL VPN Problem, did work, now it doesn't.

Unanswered Question
Feb 6th, 2007

We installed an ASA 5520 about 2 months ago; initially we were only using it as the SSL VPN for demo purposes. We decided to keep it and replace our current firewall. We made the change 2 weeks ago, and the ASA has worked great except that the SSL VPN seems to have stopped working. When we connect to it from the outside we get the Secure Desktop screen, but when we go to log in it just times out. I am getting no errors in the logging of the ASA; everything seems fine. The only change we made to it was to change the internal IP to that of our old firewall. I tried running the built-in Packet Tracer going from one of the VPN IPs to an internal IP, and I get an rpf-violated error after two good route lookups, but I'm not sure if that is the issue or if Packet Tracer can't simulate the SSL VPN connection. Any ideas what to try?

joe.cornelson Wed, 02/07/2007 - 07:27

Are you going through a VPN tunnel? This could be an MTU issue. There may have been something in the design (the way the other firewall was configured and how the actual physical layout was done) that meant the MTU issue couldn't occur.

At the remote workstation, try:

ping -f -l 1400 to the outside public IP of the firewall. If it says the DF bit is set, lower it to 1200, 1100, 1000... lower it until your pings make it to the firewall.

Then change the MTU of your workstation to that level, i.e. a packet size of 800 if that is what got through. The Cisco VPN client has a built-in tool to easily do this, or search the web. Then try an SSL connection.

Cheers,

Jim
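The probe-and-step-down procedure Jim describes, written out as a small script. This is an added example, not code from the thread or from Cisco: it wraps the platform ping (Windows `ping -f -l`, or iputils `ping -M do -s` on Linux; both are assumptions about the local ping syntax) and goes one step beyond the reply by replacing the hand-stepped sizes with a binary search that finds the exact largest payload. The 28-byte IPv4+ICMP overhead is what turns the `-l` payload into the path MTU you would then set on the workstation. The `simulated_path` helper is a constructed stand-in so the search logic can be checked offline.

```python
"""Path MTU probe for the ping -f -l procedure in the reply above.

Added example, not part of the thread. Assumes Windows ping (-f -l) or Linux
iputils ping (-M do -s); both send ICMP echo with the Don't Fragment bit set.
"""
import subprocess
import sys
from typing import Callable, Iterable, Optional

# IPv4 header (20 bytes) + ICMP echo header (8 bytes): the bytes ping adds
# on top of the payload size given to -l / -s.
IP_ICMP_OVERHEAD = 28

# Largest payload that still yields a 1500-byte packet on plain Ethernet.
ETHERNET_MAX_PAYLOAD = 1500 - IP_ICMP_OVERHEAD  # 1472

# The sizes the reply suggests stepping through by hand (extended downward).
STEP_DOWN_SIZES = (1400, 1200, 1100, 1000, 900, 800)


def ping_df_fits(host: str, payload: int, timeout_s: int = 2) -> bool:
    """Real probe: one echo request with DF set and the given payload size.
    True when an echo reply came back; False when the path reported 'needs
    fragmentation but DF set' or the request timed out (assumption: Windows
    ping prints 'TTL=' only on a real reply, iputils ping exits 0 only then)."""
    if sys.platform.startswith("win"):
        cmd = ["ping", "-n", "1", "-f", "-l", str(payload),
               "-w", str(timeout_s * 1000), host]
        out = subprocess.run(cmd, capture_output=True, text=True)
        return "TTL=" in out.stdout
    # iputils syntax (Linux); macOS ping uses -D instead of -M do
    cmd = ["ping", "-c", "1", "-M", "do", "-s", str(payload),
           "-W", str(timeout_s), host]
    return subprocess.run(cmd, capture_output=True).returncode == 0


def simulated_path(mtu: int) -> Callable[[int], bool]:
    """Constructed stand-in for a real path with the given MTU, so the search
    logic can be exercised offline: a DF packet fits iff its total size <= mtu."""
    return lambda payload: payload + IP_ICMP_OVERHEAD <= mtu


def step_down(fits: Callable[[int], bool],
              sizes: Iterable[int] = STEP_DOWN_SIZES) -> Optional[int]:
    """The manual procedure from the reply: try each size in order and return
    the first payload that gets through (None if none of them does)."""
    for payload in sizes:
        if fits(payload):
            return payload
    return None


def max_payload(fits: Callable[[int], bool],
                lo: int = 0, hi: int = ETHERNET_MAX_PAYLOAD) -> Optional[int]:
    """Binary search for the largest payload in [lo, hi] that fits. Relies on
    the property that if size N gets through, every smaller size does too."""
    if not fits(lo):
        return None
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if fits(mid):
            lo = mid
        else:
            hi = mid - 1
    return lo


def path_mtu(fits: Callable[[int], bool]) -> Optional[int]:
    """Largest total IP packet size the path carries unfragmented; this is the
    value to configure as the workstation (or VPN adapter) MTU."""
    payload = max_payload(fits)
    return None if payload is None else payload + IP_ICMP_OVERHEAD


if __name__ == "__main__":
    if len(sys.argv) > 1:
        host = sys.argv[1]
        print(f"path MTU towards {host}:",
              path_mtu(lambda p: ping_df_fits(host, p)))
    else:
        # Offline demo on a constructed path with a 1200-byte MTU
        probe = simulated_path(1200)
        print("step-down finds payload", step_down(probe))       # 1100
        print("binary search finds payload", max_payload(probe))  # 1172
        print("path MTU", path_mtu(probe))                        # 1200
```

Run it with the firewall's public IP as the only argument to probe the real path, or with no argument to see the offline demo. On the constructed 1200-byte path the hand-stepped sizes stop at 1100 (the next size, 1200, is 1228 bytes on the wire and gets rejected), while the binary search lands on 1172, which is exactly the payload that fills a 1200-byte packet.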
