Our ASA5510's recently failed over, and now I have a handful of VPN clients that can connect, but not route anywhere in our network. I'm not sure the configs have been properly synced, but I do not know how to confirm.
Silly question, but do the routes from your 'internal' network to the remote VPN clients point to the old 'failed' ASA or to the new ASA? Try checking this first :-)
They point to the virtual ip address, so that doesn't change on failover. It's only happened to half a dozen people or so. They can connect, but when I monitor the traffic, nothing is being passed. Very strange.
Thanks
Learn, share, save
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
