Managing remote access VPNs CSM 3.1 and ASA

Unanswered Question
Mar 24th, 2008


I have a distributed environment consisting of CSM 3.1 managing several ASA (5520 and 5510). I have remote access policies configured and each firewall is configured to issue an IP out of a different IP pool.

There is a different rule for each firewall to allow access to specific resources. My problem is that the RA connections seem to work occasionally.

Any thoughts?

Any assistance is greatly appreciated.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
didyap Fri, 03/28/2008 - 12:11

Make sure that the policies are the same on the both ASA's and the clients. You can turn on debugging to check the error messages when the clients try to connect and the connections drops.

Jason Gervia Sat, 04/05/2008 - 07:28

Typically CSM (for management) is an all or nothing deal - either your configuration will work or it won't.

That being said, the previous poster is correct. The client will typically tell you why it is disconnecting or can't connect.

Go into the client and do the following:

Log --> Enable

Log --> Log Settings : set everything to '3'

Log --> Log Window

This will bring the log window up. Then try connecting and when you have a failure, look in the log around that time and see what the issue is.


This Discussion