Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
You may experience some slow load times, errors, and slight inconsistencies. We ask for your patience as we finalize the launch. Thank you.

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ezvpn lost sa on the HQ

Dear Forum,

I am doing ezvpn between our HQ and the BO using network extension mode. Sometimes the HQ has no ipsec sa any more, but the BO still has one and thinks it is connected.

Wo can a sa get lost? The BO is disconnected by the ISP evry 24h :(

Best,

Christian

  • Other Security Subjects
2 REPLIES
Silver

Re: ezvpn lost sa on the HQ

The PIX EzVPN client creates SA's from its outside interface to the remote subnet(s) for management purposes. With these you can ping from the PIX itself to anything on the remote subnets, and more importantly you can connect to the PIX outside interface securely from the remote subnets. If you are doing split tunnelling it will build one of these SA's from its outside interface to each remote network in the split tunnel list.

New Member

Re: ezvpn lost sa on the HQ

Hello,

could you explain a little more what you try to explain to me?

The pix is your client, but my problem is one the server.

Thank you!

Christian

75
Views
0
Helpful
2
Replies