I am wondering if anyone is aware of any known issues connecting an ASA to a Juniper switch?
We have a remote site where we have an ASA 5505 installed and set up running EzVPN. We do not have control/access to the internet connection or the internal infrastructure. We basically have an office within their building. Our ASA has one of their external IP addresses and is connected to their Juniper switch. Our PCs/printers are patched to another Juniper switch which is uplinked to our ASA. The issue we are having is that the connection is intermittently dropping, where we cannot ping the PCs/printers at the remote site through the VPN tunnel but we are still able to ping the external IP address of our remote ASA. The strange thing is that we cannot manage the ASA via SSH or ASDM using the outside interface but can ping it when this occurs. For the most part the VPN tunnel does not drop when we check the sessions at the headend, although it occasionally will.
Any ideas as to what could be causing this type of issue?
Thanks in advance.
The issue of being unable to reach the external IP (SSH or HTTPS) while still being able to ping it suggests a duplicate IP address assignment by your provider in that building. The ARP expiration for the ASA causes you to lose SSH access but at the same time lets you ping the device holding that same IP. Now, when someone from behind the ASA initiates any external connection, the ASA refreshes the ARP on the upstream device and everything starts to work normally.
Now, all of the above is what I am thinking; I might be wrong ;-). Please have your admin look for the MAC address (ARP cache) when your firewall is not responding to SSH but only to ping, and see if it matches your ASA external interface MAC.
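
The ARP-cache comparison suggested in the reply above, as an added example that is not part of either post: it takes ARP-cache lines captured on the upstream device while things work and while SSH fails, normalizes the MAC notation (colon-separated versus Cisco dotted), and flags any capture where the ASA's outside IP maps to a different MAC. The IP address, MAC addresses, port names and line layout are constructed placeholders.

```python
import re

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
MAC_RE = re.compile(r"(?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2}|(?:[0-9a-f]{4}\.){2}[0-9a-f]{4}", re.I)

# Constructed samples: (capture label, ARP-cache line). All addresses, MACs and
# port names are placeholders, not values from the thread.
SAMPLES = [
    ("working",   "00:1b:54:aa:bb:01  203.0.113.10  port-5"),
    ("working",   "00:1b:54:aa:bb:99  203.0.113.1   port-1"),
    ("ssh-fails", "3c:8a:b0:12:34:56  203.0.113.10  port-7"),
    ("ssh-fails", "00:1b:54:aa:bb:99  203.0.113.1   port-1"),
]
ASA_IP = "203.0.113.10"             # placeholder outside IP
ASA_OUTSIDE_MAC = "001b.54aa.bb01"  # placeholder, in Cisco dotted notation


def norm_mac(mac):
    """Reduce colon, hyphen or dotted MAC notation to 12 lowercase hex digits."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())


def parse_line(line):
    """Return (ip, normalized_mac) from one ARP-cache line, or None."""
    ip, mac = IP_RE.search(line), MAC_RE.search(line)
    return (ip.group(0), norm_mac(mac.group(0))) if ip and mac else None


def check(samples, ip, expected_mac):
    """Compare the MAC cached for ip in each capture with the expected one."""
    expected, verdicts, seen = norm_mac(expected_mac), {}, set()
    for label, line in samples:
        parsed = parse_line(line)
        if parsed and parsed[0] == ip:
            seen.add(parsed[1])
            verdicts[label] = "match" if parsed[1] == expected else "MISMATCH"
    return verdicts, seen


def duplicate_suspected(seen):
    """More than one MAC answering for the same IP points to a duplicate."""
    return len(seen) > 1


if __name__ == "__main__":
    verdicts, seen = check(SAMPLES, ASA_IP, ASA_OUTSIDE_MAC)
    for label, verdict in verdicts.items():
        print(f"{label}: {ASA_IP} -> {verdict}")
    print("duplicate IP suspected:", duplicate_suspected(seen))
```

A MISMATCH only in the capture taken during the outage is the pattern the reply describes; the gateway entry (203.0.113.1 here) staying constant shows the parser is not confusing neighbouring addresses.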