Unanswered Question

The EZVPN has been setup on ASA 5505 vpn back to hub ASA 5520 for awhile and it is working the way we wanted.  It was setup as tunnel everything.

Recently, I made a change to split tunneling to allow servers out to internet.  The connection is up and running but after 30 minutes or so no users able to connected to server behind the 5505.  It should triggers the interesting traffic and build the connection but it did not.  The crypto ISAKMP SA shows the connection active.  To trigger the traffic, I have to go to 5505 and ping the ip address of users LAN.

The IPSEC lifetime was increase to 84600 seconds and on the hub side the vpn idle time out and vpn session time out were set to none and still no good.

Anyone has any idea is appreciated.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion