VPN Delay

sgoethals1 · ‎12-16-2008

I have setup a Remote Access IPSec VPN connection to an ASA5510 appliance. I am able to establish the connection, however, there is a delay upwards of two minutes before I am able to ping anything on the internal network, or access resources. The statistics screen in the Cisco VPN client software shows packets being sent, but none received. After a couple of minutes, everything seems to work fine. I was wondering if anyone has seen this before?

I am using version 5.0.04.0300 of the VPN client. The ASA is running 8.0(3).

Any help would be appreciated.

Thanks

Scott

mike_guy29 · ‎12-16-2008

Hi,

Odd one. One thing that comes to mind could be to do with routing convergence times with a protocol such as RIP? If you are not using static routes etc but redistributing the VPN address into a dynamic routing protocol (Reverse Route Injection) it could take a while for that to converge with all devices if using RIP for example.

Just a guess at that one I am afraid.

Thanks

sgoethals1 · ‎12-16-2008

Nothing like that at all. I used the ASDM Wizard to create the configuration on the ASA5510 for the VPN connection.

I tried a test where I performed a ping -t on one of the internal addresses once the VPN connection was established. I hav 40 timeout messages before it finally made a connection.

sgoethals1 · ‎12-16-2008

Well, it look like I figured out the problem, or at least know the culprit.

I tried using the VPN client on another machine in my test network, and it worked without a hitch. Within a second or two the resources became available.

The original machine I tested with (my laptop), has the Novell client loaded on it, and I am guessing that this software is somehow causing the problem. Even though I chose to log on locally, I am guessing the fact that it's loaded is causing the problem. By the way, this is an XP machine.

Anyway, I will keep an eye on it.

Scott