Cisco Support Community
New Member

ASA 5500 SSL VPN issue

We're running a basic ASA 5505 with SSL VPN connections and two IPSec VPN tunnels to outside locations.

When we're trying to connect to the local LAN on the ASA 5505, all is well. However, if we try to access hosts on the VPN'ed LAN, i.e. the outside locations, these VPN tunnels go down, even with a normal ping.

When running a remote control session from one of the hosts in the local LAN to the outside remote location, all is well.

In my humble opinion, somewhere in the config a traffic filter is applied, which causes the ASA to assume that another VPN has to be established.

Has anyone noticed this behaviour before?

6 REPLIES

Re: ASA 5500 SSL VPN issue

Johan,

I have never heard of any situation where what you describe could bring down a VPN connection.

Please post the sanitised config for review.

HTH

New Member

Re: ASA 5500 SSL VPN issue

Hereby the config.

Somewhere in the config is a traffic filter which redirects the traffic from the sslvpn client through the IPSec VPN, in such a way that the ASA thinks it has to reinitiate this IPSec VPN link.

ASA 5505 sanatized config.txt

Re: ASA 5500 SSL VPN issue

Try adding the below and re-test:-

access-list NAT0-INSIDE extended permit ip sslvpn any

HTH

New Member

Re: ASA 5500 SSL VPN issue

Did the above; the only result we got was that all traffic over the sslvpn tunnel causes the other IPSec tunnels to collapse.

So, needless to say, we restored the original config.

Any other ideas, by chance?

Re: ASA 5500 SSL VPN issue

It seems you have misconfigured one route.

route BACKUP-ISP xxx.xxx.112.87 255.255.255.255 xxx.xxx.73.87 1

This should be .97 and not .87. .87 is not part of your BACKUP-ISP subnet and will be routed through the 'default route' on the OUTSIDE.

route BACKUP-ISP xxx.xxx.112.87 255.255.255.255 194.151.73.97 1

Regards

Farrukh

New Member

Re: ASA 5500 SSL VPN issue

Sorry, I've tried your solution, to no avail.

I've looked into this problem; somehow traffic from the sslvpn channel is not allowed into the tunnel to France or A'dam.

The IPSec S2S tunnels keep dropping when traffic from sslvpn to France or A'dam passes.

BTW, thanks for your help so far.
