Packets for VPN not going through the vpn tunnel

Unanswered Question
Oct 18th, 2007

Hi!

We have an ASA5510 for VPN with up to 100 VPN connections. These are 90 EzVPN and 10 Site-to-Site connections. The ASA5510 is physically installed with its outside interface in a DMZ_VPN_OUTSIDE. In this DMZ we have a Pix515 as central firewall. The VPN connections are all established, so the central firewall Pix515 can't "see" the real IP traffic from the VPN connections, except the encrypted packets between the peer addresses. But in the logging of the central Pix 515 we can see packets with the original subnets which normally have to be tunneled. So I think the ASA5510 is not tunneling all packets. Instead it sends the traffic through its default gateway Pix515. But I do not know why. Does anyone have a


I am currently experiencing similar issues. I have about 50 EzVPN and 4 L2L connections. Randomly traffic will not tunnel through some of them although the tunnel is active. My ASA is the outside connection and I am not going through any other firewalls. I have tried to clear the crypto ipsec sa and crypto isakmp sa on the ASA but with no luck. It seems a complete reload is the only thing that takes care of it, which is not an acceptable solution since it happens a few times a week.

securantakra Sun, 03/02/2008 - 23:13

Did you have a solution for this issue? We thought that the problem was solved by a software upgrade. The ASA5510 is running 8.0.3 but the symptoms are the same.
