ASA 5510 Remote Access temporary failure

Unanswered Question
May 8th, 2009

Hi,

I have one client who has an ASA 5510 device for Remote Access and site-to-site VPN. Site-to-Site VPN works properly, but I have problems with Remote Access sessions. The device was configured by the previous system administrator and, to tell you honestly, this is the first time I get to know an ASA from the inside.

The problem is that while Site-to-Site VPN connections work properly, Remote Access connections work only temporarily. Remote clients could connect to the ASA, and they get an IP from DHCP. They could ping each other, and they could also ping the servers on the other end of the site-to-site VPN, but could ping nothing on the intranet.

The interesting thing is that after I reboot the ASA they could connect again, then after a little while they cannot access anything in the intranet again, and then I have to reboot the ASA again.

Any suggestion where I could search for a solution? I just hate to reboot the ASA 2-3 times a day ...

Thanks for all the help you could give to me! :)

sznemeth26 Fri, 05/08/2009 - 07:11

Do you mean a show running-config result? Sure, I attached it to my post. If you don't mind, I put '*' in place of the domain name and where the name of the company was.

Thanks for helping me! :)

acomiskey Fri, 05/08/2009 - 08:47

The first thing I notice is that your vpnpool should never be the same subnet as your inside network. I would start by changing the vpnpool to something other than 10.10.11.0. If you do this you will also have to change the rest of the config that references the vpn pool subnet of 10.10.11.0.
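
A way to check a saved `show running-config` for the overlap described in the reply above (an added example, not part of the thread or the poster's configuration). The sample config is constructed: only the 10.10.11.0 subnet and the pool name come from the thread, while the address ranges, the outside address and the second pool `newpool` are assumptions.

```python
import ipaddress
import re

# Constructed sample resembling the thread's situation (not the poster's real config).
SAMPLE_CONFIG = """\
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.248
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 10.10.11.1 255.255.255.0
!
ip local pool vpnpool 10.10.11.200-10.10.11.220 mask 255.255.255.0
ip local pool newpool 192.168.50.10-192.168.50.50 mask 255.255.255.0
"""

def interface_networks(config):
    """Map nameif -> connected IPv4 network, read from 'interface' stanzas."""
    nets, nameif = {}, None
    for line in config.splitlines():
        line = line.strip()
        if line.startswith("interface "):
            nameif = None  # new stanza: forget the previous interface name
        elif line.startswith("nameif "):
            nameif = line.split()[1]
        else:
            # Static addresses only; 'ip address dhcp ...' does not match.
            m = re.match(r"ip address (\d[\d.]+) (\d[\d.]+)", line)
            if m and nameif:
                iface = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
                nets[nameif] = iface.network
    return nets

def overlapping_pools(config):
    """Return (pool, nameif, network) for each pool range touching an interface subnet."""
    nets = interface_networks(config)
    hits = []
    pools = re.findall(r"^ip local pool (\S+) (\S+)-(\S+)", config, re.M)
    for name, first, last in pools:
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        for nameif, net in nets.items():
            # Two ranges overlap when each starts before the other ends.
            if lo <= net.broadcast_address and hi >= net.network_address:
                hits.append((name, nameif, str(net)))
    return hits

if __name__ == "__main__":
    for pool, nameif, net in overlapping_pools(SAMPLE_CONFIG):
        print(f"pool {pool} overlaps interface {nameif} ({net})")
```
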

sznemeth26 Fri, 05/08/2009 - 08:59

I know the VPN pool can't be the same for sure! But this is the configuration that the previous system administrator made ... also I am not that expert in configuring Cisco devices, so if you don't mind I just want it to work properly now, and after they won't always lose the connection with the intranet I will change it. :)

Do you see anything in the config that could cause the error I described first?

The weird thing is that sometimes it could work properly for months ... but these days I have to restart the ASA 1-2 times a day! This thing is really annoying ... btw my clue was that the problem relates to one ACL or firewall rule.
