SPAN - ASA inside port on a 3750 switch - Time-outs

Unanswered Question
Aug 27th, 2007
User Badges:
  • Bronze, 100 points or more

Hi,


I have 2 ASAs 5520 AIP-SSM in Active/Failover mode connected to 2 3750 Switches.


The 2 3750 switches are trunked with each other & are the LAN Gateway running HSRP for the LAN. They also have a couple of VLANs & are running EIGRP ( connected to the Core switces via Gigabit Uplink )


I am spanning the Inside interface connected to the 3750 switch onto a Surfcontrol Server for url Filtering.


The moment i span the port, i start getting occasional timeouts when i ping the internal interface of the ASA 5520.


There are no errors / CRC on either the Switch / the ASA.


THe inside Interfaces are 1000 MB / Full Duplex

Can someone help me troubleshoot.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
jbayuka Fri, 08/31/2007 - 10:34
User Badges:
  • Bronze, 100 points or more

I think you would need to add to disable the IDLE-TIMEOUT for the ezvpn tunnel;-

group-policy ashford-ezvpn attributes vpn-idle-timeout 0


If it does fail again, we would need a capture of the tunnel going down with the vpn debugs currently running on ASA and router.



Actions

This Discussion