Periodically losing access to subnet over VPN connection

Unanswered Question
Dec 2nd, 2009
User Badges:

My organisation has a number of overseas offices.  We have a Cisco VPN 3015 Concentrator at head office.  Our overseas offices have a variety of PIX 506e and ASA 5505 which are used as VPN endpoints.


At the head office
we have two subnets - 172.168.0.0/21 and 172.16.9.0/24.  The larger subnet is the general network for users, printers etc, with two domain controllers.  172.16.9.0/24 houses the rest of our servers.


Three of our offices, one using a PIX 506e and two using ASA 5505, perdodically lose connectivity to hosts in the 172.16.9.0/24 subnet, but not to hosts in 172.16.0.0/21 network.  This can sometimes be recovered by reloading the config of the endpoint device.  Sometimes it recovers by initiating traffic (for example ssh'ing to the endpoint, then doing ping inside 172.16.9.1).  Sometimes the connection comes back by itself.


The other 8 offices do not have this problem.  I can find no significant difference in the config on the endpoints.


I'm not really sure the best steps to take to troubleshoot this further.  Has anyone else come across a problem like this?


DunxD

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
blindmind Wed, 12/02/2009 - 04:52
User Badges:

I forgot to mention that we are using EZVPN on all the endpoints.

adcorbett_2 Fri, 01/15/2010 - 05:10
User Badges:

I am having the same exact issue with 2 ASA 5520s.  I can recover the routing

by sending a packet from the endpoint using the packet tracer within ASDM.  I

didn't notice it until after I updated the ASA code to 8.0 (3).  I will be following this for an answer.

blindmind Mon, 01/18/2010 - 02:38
User Badges:

Still getting this.  After doing a ping from the inside interface to a host on the vlan concerned, it seems to stay up for 20 minutes then drop.

Actions

This Discussion

Related Content