ASA 5500 SSL VPN issue

Unanswered Question
Aug 18th, 2008

Were running a basis ASA 5505 with ssl vpn connections and two IPSec VPN Tunnels to outside locations.

When we're trying to connect to local LAN on de ASA 5505, all is well. However if we try to access hosts on the VPN'ed LAN ie the outside locations, these VPN Tunnels go down, even with a normal Ping.

When running a remote controle session from one of the hosts in the local LAN to the outside remote location all is well.

In mine humble opinion, somewhere in the config, a traffic filter is applied, which causes the asa to assume that another vpn has to be established.

Someone noticed this behaviour before.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
jvansommeren Mon, 08/18/2008 - 02:27

Hereby the config,

Somewhere in the config is a traffic filter, which redirects the traffic from sslvpn client through IP Sec VPN, in such a way that the ASA thinks he has to reinitiate this IPSEC VPN link.

ASA 5505 sanatized config.txt

jvansommeren Tue, 08/19/2008 - 01:40

did the above, only result we got, was that all traffic over the sslvpn tunnel causes the other IPSec tunnels to collapse.

So needless to say, we restored the original config.

Other ideas by chance

Farrukh Haroon Tue, 08/19/2008 - 12:22

It seems you have mis-configured one route.

route BACKUP-ISP 1

This should be .97 and not .87. .87 is not part of your BACKUP-ISP subnet and will be routed through the 'default route' on the OUTSIDE>

route BACKUP-ISP 1



jvansommeren Wed, 08/20/2008 - 03:22

Sorry, i've tried your solution, to no avail.

I've looked in to this problem, somehow traffic from sslvpn channel is not allowed into tunnel to france of a'dam.

IPSEC S2S tunnels keep dropping, when traffic from sslvpn to france or a'dam passes.

btw thanx for your help so far


This Discussion