I have a ASA5505 acting as a VPN client, peering to a easy VPN
server PIX515 with version 7.2 . I have got two problems:
1. Once the ASA5505 establishes isak SA with the PIX, clients behind
the ASA5505 lose their connections to the Internet;
2. I have configured backup server (such as another PIX515) on the
PIX515.But even when I disconnect the PIX from the net, the SA betwenn
the PIX and the ASA5505 still exist, untill I use the clear crypto isa
sa command, then the ASA5505 can connect to the backup server. What I
need is: As soon as the PIX515 is disconnected, the ASA5505 will
immediately switch the backup server without clear crypto isa sa
command.
To the first problem, I know there is a command under group-policy
should be configured, split-tunnel-policy tunnelspecified ,but it
seams not to work.