ASA5505 easy vpn client problem

I have an ASA5505 acting as a VPN client, peering to an Easy VPN server PIX515 with version 7.2. I have got two problems:

1. Once the ASA5505 establishes isak SA with the PIX, clients behind the ASA5505 lose their connections to the Internet;

2. I have configured a backup server (such as another PIX515) on the PIX515. But even when I disconnect the PIX from the net, the SA between the PIX and the ASA5505 still exists, until I use the clear crypto isa sa command, then the ASA5505 can connect to the backup server. What I need is: as soon as the PIX515 is disconnected, the ASA5505 will immediately switch to the backup server without clear crypto isa sa.

To the first problem, I know there is a command under group-policy that should be configured, split-tunnel-policy tunnelspecified, but it seems not to work.

Marwan ALshawi Mon, 09/08/2008 - 02:18

For the split tunnel, make the following ACL instead of the group1 ACL:

access-list 1 permit

Then apply it to the group-policy for split tunnel.

For the second question, change the tunnel keepalive time.

good luck

if helpful Rate
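
As an added illustration (not part of the reply above and not the poster's configuration), this is how a split-tunnel network list and a shorter IKE keepalive are expressed on a PIX/ASA 7.x Easy VPN server. The names SPLIT_ACL, EZVPN_GP and EZVPN_TG and the 192.168.10.0/24 network are placeholders assumed for the example.

```cisco
! Constructed example for a PIX/ASA 7.x Easy VPN server.
! SPLIT_ACL, EZVPN_GP, EZVPN_TG and 192.168.10.0/24 are assumed placeholders.

! Standard ACL listing the head-end network(s) that must go through the tunnel.
access-list SPLIT_ACL standard permit 192.168.10.0 255.255.255.0

! Group policy pushed to the Easy VPN client: tunnel only what SPLIT_ACL
! permits. Without the network list, tunnelspecified has nothing to match.
group-policy EZVPN_GP internal
group-policy EZVPN_GP attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_ACL

! Bind the policy to the tunnel group the client connects to.
tunnel-group EZVPN_TG type ipsec-ra
tunnel-group EZVPN_TG general-attributes
 default-group-policy EZVPN_GP

! IKE keepalive (dead peer detection): probe after 10 s of silence,
! retry every 2 s, so a dead peer is torn down quickly.
tunnel-group EZVPN_TG ipsec-attributes
 isakmp keepalive threshold 10 retry 2
```

With `tunnelspecified`, only the listed networks are encrypted; all other client traffic leaves the ASA5505's outside interface directly and is not filtered or logged by the head end.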


This Discussion