Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
385
Views
0
Helpful
1
Replies

ASA5505 easy vpn client problem

zdh1207
Level 1
Level 1

‎09-07-2008 11:52 PM

I have a ASA5505 acting as a VPN client, peering to a easy VPN

server PIX515 with version 7.2 . I have got two problems:

1. Once the ASA5505 establishes isak SA with the PIX, clients behind

the ASA5505 lose their connections to the Internet;

2. I have configured backup server (such as another PIX515) on the

PIX515.But even when I disconnect the PIX from the net, the SA betwenn

the PIX and the ASA5505 still exist, untill I use the clear crypto isa

sa command, then the ASA5505 can connect to the backup server. What I

need is: As soon as the PIX515 is disconnected, the ASA5505 will

immediately switch the backup server without clear crypto isa sa

command.

To the first problem, I know there is a command under group-policy

should be configured, split-tunnel-policy tunnelspecified ,but it

seams not to work.

Labels:
Preview file
5 KB
Preview file
3 KB
0 Helpful
1 Reply 1

Marwan ALshawi
VIP Alumni
VIP Alumni

‎09-08-2008 02:18 AM

for the split-tunnel make the the following acl instead of group1 acl

access-list 1 permit 192.168.2.0

then apply it to the group-policy for siplit tunnel

for second question change the tunnel keep alive time

good luck

if helpful Rate

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents