I am running ASA5520 with Outside, Inside, Client and Branch interfaces.
The inside interface connects to the Server farm network (192.168.0.0) only.
The client interface connects all the clients on the LAN network (172.16.0.0) to the branches (through the Branch interface) and to the server farm, and to each other. All these 3 interfaces are on the same security level (100).
The branch interface connects to a Border router 3825 that has all the remote branches on DSL and point-to-point links connecting to it.
All branches have SOHO routers 837 and connect through DSL (data circuit) to the 3825 router at the head office, through a VPN tunnel. The VPN config at the head office 3825 is a dynamic crypto map and the branches have a static one with the head office IP as the peer.
The problem that I am facing is that the VPN tunnel is initiated only when a packet destined to the inside or client network is sent...
e.g. when a ping for network 192.168.0.0 is run, only then does it allow the branches to access the server farm network.
Now to connect to the client network (172.16.0.0) I have to ping again to any host on 172.16.0.0 from the branch..
My question: since there is only one VPN tunnel from branch to head office, then why do I need to ping from the branch to 192.168.0.0 and 172.16.0.0 both separately?? I don't really have a problem for the 192.168.0.0 network because everyone at the branch connects to the servers for e-mail, internet etc., but 172.16.0.0 is a problem...
Can't there be a way to auto-initiate the connection to the 172.16.0.0 network? Right now I have a script running at startup on the branches that pings the 172.16.0.1 IP to initiate the tunnel..
************** H E L P **************
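Added illustration, not taken from the original post or from the poster's routers: a hypothetical branch-side Cisco IOS configuration of the kind the post describes (static crypto map pointing at the head office). The branch LAN 10.10.1.0/24, the head-office peer 203.0.113.1, the ACL and map names and the /16 masks on 192.168.0.0 and 172.16.0.0 are all assumptions made for the example. It shows the mechanism behind the symptom: one crypto map entry and one IKE Phase 1 SA to the peer, but IOS negotiates a separate IPsec (Phase 2) SA pair for each permit line of the crypto ACL, and each pair is only brought up by traffic that matches its own line.

```cisco
! Hypothetical branch-side (Cisco 837) config, constructed for illustration.
! Assumed addresses: branch LAN 10.10.1.0/24, head-office peer 203.0.113.1.
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key BRANCH-PSK-PLACEHOLDER address 203.0.113.1
!
crypto ipsec transform-set TS esp-3des esp-sha-hmac
!
! Crypto ACL ("interesting traffic"). IOS negotiates one IPsec SA pair
! per permit line that traffic actually matches, not one per peer.
! The first line is brought up by the first packet to the server farm;
! the second stays down until a packet to 172.16.0.0 is seen, which is
! exactly the behaviour the post describes.
ip access-list extended VPN-TRAFFIC
 permit ip 10.10.1.0 0.0.0.255 192.168.0.0 0.0.255.255
 permit ip 10.10.1.0 0.0.0.255 172.16.0.0 0.0.255.255
!
crypto map HQ 10 ipsec-isakmp
 set peer 203.0.113.1
 set transform-set TS
 match address VPN-TRAFFIC
!
interface Dialer0
 crypto map HQ
```

To confirm this is what is happening on a branch router: `show crypto isakmp sa` lists a single Phase 1 SA to the head office, while `show crypto ipsec sa` lists one entry per crypto ACL line, each with its own local/remote ident pair and packet counters. After only the 192.168.0.0 ping, the 172.16.0.0 entry is absent or has no SAs, and the first packet toward 172.16.0.0 (the startup ping in the post) is what triggers its negotiation.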