ASA site-to-site with one host being NAT

Unanswered Question
Apr 13th, 2009

Dear All,

I'm setting up a site-to-site connection using two ASAs: one 5505 and one 5520. The 5505 is behind a NAT.

The connection works fine for some hours/days but it will stall after some time.

I tried both L2L IPSec and EasyVPN (NEM) with the same bad results.

Both are running the latest ASA 8.04. I also tried the interim releases without luck.

I also tried using keepalive. That didn't work either. I have one dynamic crypto map on the ASA 5520. The ASA5505 is set up to use aggressive mode (otherwise it does not work). I'm using 3DES and SHA. The ASA5505 IKE is set up to send the hostname (instead of auto). I have a tunnel on the 5520 with the same name as the hostname of the 5505.

Does anyone have a similar setup that works properly 24/7? Is it possible to set up the L2L tunnel without relying on aggressive mode?

