cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
310
Views
0
Helpful
2
Replies

Managing remote access VPNs CSM 3.1 and ASA

troy.bennett
Level 1
Level 1

All,

I have a distributed environment consisting of CSM 3.1 managing several ASA (5520 and 5510). I have remote access policies configured and each firewall is configured to issue an IP out of a different IP pool.

There is a different rule for each firewall to allow access to specific resources. My problem is that the RA connections seem to work occasionally.

Any thoughts?

Any assistance is greatly appreciated.

2 Replies 2

didyap
Level 6
Level 6

Make sure that the policies are the same on the both ASA's and the clients. You can turn on debugging to check the error messages when the clients try to connect and the connections drops.

Jason Gervia
Cisco Employee
Cisco Employee

Typically CSM (for management) is an all or nothing deal - either your configuration will work or it won't.

That being said, the previous poster is correct. The client will typically tell you why it is disconnecting or can't connect.

Go into the client and do the following:

Log --> Enable

Log --> Log Settings : set everything to '3'

Log --> Log Window

This will bring the log window up. Then try connecting and when you have a failure, look in the log around that time and see what the issue is.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: