05-23-2009 08:24 AM
I have an ASA 5510 in Chicago and an ASA 5505 in NY and a tunnel between the two sites. At first everything works fine, then a few hours later, hosts in Chicago can't communicate with all the hosts in NY and hosts in NY can't all communicate with Chicago. After clearing the SAs I am able to contact more hosts in New York but not all, but now all and my new hosts in New York have no issue contacting servers in Chicago until a few hours later, then the cycle starts again. I have attached both configs.
05-29-2009 12:31 PM
The problem might be with the IP pool assignment, either through the ASA/PIX or the RADIUS server. Use the debug crypto command in order to verify that the netmask and IP addresses are correct. Also, verify that the pool does not include the network address and the broadcast address. RADIUS servers must be able to assign the proper IP addresses to the clients.
http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml#vpnconn
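The pool check suggested in the reply above can be run offline against a saved configuration. This is an added example, not part of the original thread or of the attached configs; it assumes pools are defined with ASA `ip local pool NAME first-last mask MASK` lines, and the sample pool names and addresses are constructed.

```python
import ipaddress
import re

# Constructed sample lines (not taken from the configs attached to the thread).
SAMPLE_CONFIG = """\
ip local pool GOOD_POOL 192.168.50.10-192.168.50.50 mask 255.255.255.0
ip local pool NET_POOL 192.168.60.0-192.168.60.100 mask 255.255.255.0
ip local pool BCAST_POOL 192.168.70.200-192.168.70.255 mask 255.255.255.0
ip local pool SPAN_POOL 10.1.1.250-10.1.2.10 mask 255.255.255.0
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
POOL_RE = re.compile(rf"^ip local pool (\S+) {IP}-{IP} mask {IP}\s*$")


def check_pool(line):
    """Return (name, problems) for one pool line, or None if it is not one."""
    m = POOL_RE.match(line.strip())
    if not m:
        return None  # other config lines, or a pool without an explicit mask
    name, first, last, mask = m.groups()
    try:
        first_ip = ipaddress.IPv4Address(first)
        last_ip = ipaddress.IPv4Address(last)
        # Subnet implied by the first pool address and the configured mask.
        net = ipaddress.IPv4Network(f"{first}/{mask}", strict=False)
    except ValueError as exc:
        return name, [f"invalid address or mask: {exc}"]
    problems = []
    if last_ip < first_ip:
        problems.append("range end precedes range start")
    if last_ip not in net:
        problems.append(f"range leaves {net}")
    if first_ip == net.network_address:
        problems.append("includes network address")
    if first_ip <= net.broadcast_address <= last_ip:
        problems.append("includes broadcast address")
    return name, problems


def check_config(text):
    """Map each pool name found in the config text to its list of problems."""
    results = (check_pool(line) for line in text.splitlines())
    return {r[0]: r[1] for r in results if r is not None}


if __name__ == "__main__":
    for pool, issues in check_config(SAMPLE_CONFIG).items():
        print(pool, "OK" if not issues else "; ".join(issues))
```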
05-29-2009 01:21 PM
What license do you have on each ASA?