250 remote sites use EzVPN to connect back to an ASA 5520. Tunnels show active but do not pass any IP traffic. The only way to resolve the issue is to "clear crypto ipsec sa". It has happened twice in the last 3 days. Logs show messages of denying traffic for ex:
Probably, the cause of this issue might be congestion due to more VPN traffic. So, whenever you clear the IPsec tunnel, it starts working properly; however, after some time, it will hang once it reaches the maximum handling capacity. Check the hardware specifications of the current setup and enhance its capacity for handling more traffic.