I have one client who has an ASA 5510 device for Remote Access and site-to-site VPN. Site-to-site VPN works properly, but I have problems with Remote Access sessions. The device was configured by the previous system administrator and, to tell you honestly, this is the first time I get to know an ASA from the inside.
So the problem is that while Site-to-Site VPN connections work properly, Remote Access connections work only temporarily. Remote clients can connect to the ASA, and they get an IP from DHCP. They can ping each other, and they can also ping the servers on the other end of the site-to-site VPN, but they cannot ping anything on the intranet.
The interesting thing is that after I reboot the ASA they can connect again, then after a little while they cannot access anything on the intranet again, and then I have to reboot the ASA again.
Any suggestions on where I could search for a solution? I just hate to reboot the ASA 2-3 times a day ...
The first thing I notice is that your vpnpool should never be the same subnet as your inside network. I would start by changing the vpnpool to something other than 10.10.11.0. If you do this you will also have to change the rest of the config that references the vpn pool subnet of 10.10.11.0.
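The overlap described in the reply above can be checked mechanically. As an added example that is not part of the original thread, this script parses ASA-style `ip local pool` and interface `ip address` lines and reports any pool that overlaps a connected subnet. The sample config is constructed: only the 10.10.11.0 pool subnet comes from the thread, while the interface addresses, pool ranges and the `newpool` name are assumptions.

```python
import ipaddress
import re

# Constructed sample in ASA syntax; only the 10.10.11.0 pool subnet is from the thread.
SAMPLE_CONFIG = """\
interface Ethernet0/0
 nameif outside
 ip address 203.0.113.2 255.255.255.252
!
interface Ethernet0/1
 nameif inside
 ip address 10.10.11.1 255.255.255.0
!
ip local pool vpnpool 10.10.11.200-10.10.11.220 mask 255.255.255.0
ip local pool newpool 10.10.50.10-10.10.50.50 mask 255.255.255.0
"""

IFACE_IP = re.compile(r"^\s+ip address (\S+) (\d+\.\d+\.\d+\.\d+)")
POOL = re.compile(r"^ip local pool (\S+) (\S+?)-(\S+?)(?: mask (\S+))?\s*$")

def interface_networks(config):
    """Map each nameif to the IPv4 network connected to that interface."""
    nets, nameif = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            nameif = None  # new interface block, forget the previous name
        elif line.strip().startswith("nameif "):
            nameif = line.split()[1]
        elif nameif and (m := IFACE_IP.match(line)):
            nets[nameif] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
    return nets

def pool_overlaps(config):
    """Return (pool, nameif, network) for each pool that overlaps an interface subnet."""
    nets = interface_networks(config)
    hits = []
    for line in config.splitlines():
        if not (m := POOL.match(line)):
            continue
        first, last = ipaddress.ip_address(m[2]), ipaddress.ip_address(m[3])
        # A pool range is not always CIDR-aligned, so split it into CIDR blocks.
        for block in ipaddress.summarize_address_range(first, last):
            for nameif, net in nets.items():
                hit = (m[1], nameif, str(net))
                if block.overlaps(net) and hit not in hits:
                    hits.append(hit)
    return hits

if __name__ == "__main__":
    for pool, nameif, net in pool_overlaps(SAMPLE_CONFIG):
        print(f"pool {pool} overlaps {nameif} ({net})")
```
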
I know the VPN pool can't be the same for sure! But this is the configuration that the previous system administrator made ... also I am not that expert in configuring Cisco devices, so if you don't mind I just want it to work properly now, and after they won't always lose the connection with the intranet I will change it. :)
Do you see anything in the config that could cause the error I described first?
The weird thing is that sometimes it could work properly for months ... but these days I have to restart the ASA 1-2 times a day! This thing is really annoying ... btw my clue was that the problem relates to one ACL or firewall rule.