cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
539
Views
0
Helpful
1
Replies

ASA 5505 EZVPN

ttran
Level 1
Level 1

The EZVPN has been setup on ASA 5505 vpn back to hub ASA 5520 for awhile and it is working the way we wanted.  It was setup as tunnel everything.

Recently, I made a change to split tunneling to allow servers out to internet.  The connection is up and running but after 30 minutes or so no users able to connected to server behind the 5505.  It should triggers the interesting traffic and build the connection but it did not.  The crypto ISAKMP SA shows the connection active.  To trigger the traffic, I have to go to 5505 and ping the ip address of users LAN.

The IPSEC lifetime was increase to 84600 seconds and on the hub side the vpn idle time out and vpn session time out were set to none and still no good.

Anyone has any idea is appreciated.

1 Reply 1

ttran
Level 1
Level 1

I forgot to mention I also setup the sla monitor but it did not work even manually ping same device is response.  When check the sla monitor it shown the lastest operation return code: timeout although the status is active.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: