Auto Reconnect EZVPN Client in ASA to 3005 Concentrator

Matt.Fields · ‎05-08-2008

My network looks like this:

Dynamic Public IP:ISP Router:NAT<----->DHCP:ASA 5505:Private LAN

The above ASA connects back to a 3005 Concentrator using EZVPN.

The problem I am having is when the ISP connection sometimes drops, the ASA EZVPN does not instantly try to reconnect once the internet connection is reestablished. It eventually does, but sometimes it takes hours.

I know you can manually force it to reconnect by browsing to the ASA's webpage, but I don't users to have to do that all the time.

Is there a VPN connection retry command for the ASA EZVPN Client?

Also, when I power off and on the ASA, the VPN connection comes back up fine. Again, it would be ideal if users did not have to do that all the time.

Thanks

bwilmoth · ‎05-14-2008

check if 'connect auto' has been configured to automatically bring the tunnels up when down. Have a look at this bug:CSCec87805

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800945cf.shtml

srue · ‎05-14-2008

is nem enabled? split tunneling?

vpnclient nem-st-autoconnect

make sure you also have the groupname/preshared key configured, and username/passwd if using xauth.

Matt.Fields · ‎05-14-2008

Here is my vpnclient config:

vpnclient server *************

vpnclient mode network-extension-mode

vpnclient nem-st-autoconnect

vpnclient vpngroup ***** password ********

vpnclient username [domainuser] password [domainpassword]

vpnclient enable

Am I missing something? Split tunneling is specified on the Concentrator side and is working when the tunnel is connected.