Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

5510 remote access VPN stops passing traffic (partially)

Hi,

I have a strange problem afflicting all of my remote access vpn users to a 5510.  The clients include the windows cisco client (latest version), VPNC for windows, and the built-in OSx client.  All seem to be equally impacted. 

The tunnels are initiallly established and pass traffic correctly.  At some point, they stop allowing new TCP connections or pings.  An existing ssh connection is still responsive, but you cannot establish a new one and you cannot ping to an inside host.  If you cycle the vpn connection all is well again.

This happens anywhere from twice a week, to 3 times a day.  It doesn't seem to correlate with time of day, network load, or remote network.  When it happens, there's nothing in the logs on the client or server side to indicate a problem.

This is asa software version 8.4(4)1.

Any suggestions as to what the cause may be?  or the best way to track it down?

Thanks,

Chris Holt

2 REPLIES
New Member

5510 remote access VPN stops passing traffic (partially)

have you check the log on asa when this happen?

logging on

logging buffered 7

New Member

5510 remote access VPN stops passing traffic (partially)

I've turned on logging to capture to a syslog server not at level 7.  I've also managed to correlate the problem to the logout of another VPN session from (the same or a different) user behind the same NAT device (netgear wifi router/cable modem in this case, although it can vary).

So my reproducible failure case is this:

connect 2 clients from behind the same public IP. 

they both work fine.

disconnect 1 of them.

the other will be able to maintain any existing TCP connection through the VPN but not establish new ones.

now for the really wierd part:

if i reconnect the second client, then my first client is suddenly fixed!

i do have "crypto isakmp nat-traversal 20" in my config.  That was the most common answer I found regarding problems with multiple vpn users behind the same nat.

Any suggestions?

149
Views
0
Helpful
2
Replies
CreatePlease to create content