I have a few people who we distributed ASA 5505's to and configured vpnclient on them that connect to another ASA at the main site. The setup works fine, all their connectivity seems to work when they initiate it. However, after a while if we need to connect to the users machine over the vpn tunnel sometimes some subnets won't be able to connect out to them unless the user first initiates a connection (like a ping) from their home machine to ours or if we restart the vpn session. We can connect form other subnets that the client talks to more often (like from the subnet the dns server is on)...is there any solution to this? Here is th vpnclient config:
It is easy vpn, so the connection will always need to be initiated from the client side. The hub side can't initiate the connection towards the remote/client side.
When it says, "The ASA 5505 configured for NEM mode supports automatic tunnel initiation", that means the ASA 5505 client side can automatically initiate the tunnel without manual tunnel initiation from the ASA end. But does not mean that the hub can initiate a tunnel towards the ASA 5505 client end.
I understand the hub can't initiate the connection, however I was under the impression that the ASA would automatically initiate the connection and maintain a constant connection...which would allow two way communication. I guess that's not the case though.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :