08-18-2008 12:04 AM - edited 02-21-2020 03:53 PM
Were running a basis ASA 5505 with ssl vpn connections and two IPSec VPN Tunnels to outside locations.
When we're trying to connect to local LAN on de ASA 5505, all is well. However if we try to access hosts on the VPN'ed LAN ie the outside locations, these VPN Tunnels go down, even with a normal Ping.
When running a remote controle session from one of the hosts in the local LAN to the outside remote location all is well.
In mine humble opinion, somewhere in the config, a traffic filter is applied, which causes the asa to assume that another vpn has to be established.
Someone noticed this behaviour before.
08-18-2008 02:04 AM
Johan,
I have never heard of any situtation where what you descirbe could bring down a VPN connection.
Please post the sanitised config - for review.
HTH>
08-18-2008 02:27 AM
08-18-2008 04:03 AM
Try adding the below and re-test:-
access-list NAT0-INSIDE extended permit ip sslvpn any
HTH>
08-19-2008 01:40 AM
did the above, only result we got, was that all traffic over the sslvpn tunnel causes the other IPSec tunnels to collapse.
So needless to say, we restored the original config.
Other ideas by chance
08-19-2008 12:22 PM
It seems you have mis-configured one route.
route BACKUP-ISP xxx.xxx.112.87 255.255.255.255 xxx.xxx.73.87 1
This should be .97 and not .87. .87 is not part of your BACKUP-ISP subnet and will be routed through the 'default route' on the OUTSIDE>
route BACKUP-ISP xxx.xxx.112.87 255.255.255.255 194.151.73.97 1
Regards
Farrukh
08-20-2008 03:22 AM
Sorry, i've tried your solution, to no avail.
I've looked in to this problem, somehow traffic from sslvpn channel is not allowed into tunnel to france of a'dam.
IPSEC S2S tunnels keep dropping, when traffic from sslvpn to france or a'dam passes.
btw thanx for your help so far
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: