ASA 5520 SSL VPN Problem, did work, now it doesn't.
We installed an ASA 5520 about 2 months ago; initially we were only using it as the SSL VPN for demo purposes. We decided to keep it and replace our current firewall. We made the change 2 weeks ago and the ASA has worked great, except the SSL VPN seems to have stopped working. When we connect to it from the outside we get the secure desktop screen, but when we go to log in it just times out. I am getting no errors in the logging of the ASA; everything seems fine. The only changes we made to it were to change the internal IP to that of our old firewall. I tried running the built-in packet tracer going from one of the VPN IPs to an internal IP and I get an rpf-violated error after two good route lookups, but I'm not sure if that is the issue or if the Packet Tracer can't simulate the SSL VPN connection. Any ideas what to try?
Re: ASA 5520 SSL VPN Problem, did work, now it doesn't.
Are you going through a VPN tunnel? This could be an MTU issue. There may have been something in the design (the way the other firewall was configured and how the actual physical layout was done) such that the MTU issue couldn't occur.
At the remote workstation, try:
ping -f -l 1400 to the outside public IP of the firewall. If it says DF bit set... lower it to 1200, 1100, 1000... lower it till your pings make it to the firewall.
Then change the MTU of your workstation to that level... i.e. a packet size of 800 if that is what got through. The Cisco VPN client has a built-in tool to easily do this... or search the web. Then try an SSL connection.
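The probing procedure from the reply above, as an added example that is not part of the original thread: it binary-searches the DF-ping payload size instead of stepping down by hand, and goes beyond the reply by converting the result to a path MTU (payload plus 28 bytes of IPv4 and ICMP headers). It assumes a Windows workstation with English ping output; the function names and the 500 to 1472 byte search range are illustrative choices.

```python
import subprocess
import sys

IPV4_ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP header


def windows_df_ping(host, payload, timeout_ms=2000):
    """Send one Windows ping with DF set (-f) and a fixed payload size (-l)."""
    result = subprocess.run(
        ["ping", "-f", "-l", str(payload), "-n", "1", "-w", str(timeout_ms), host],
        capture_output=True, text=True,
    )
    # Assumption: an echo reply line contains "TTL="; the exit code alone is
    # not trusted because some ICMP error replies are also reported as replies.
    return "TTL=" in result.stdout


def largest_df_payload(probe, low=500, high=1472):
    """Return the largest payload in [low, high] for which probe(size) is True.

    Returns None when even `low` fails: that points at filtering or routing
    rather than a small path MTU. Assumes the path is stable while probing.
    """
    if not probe(low):
        return None
    if probe(high):
        return high
    # Invariant: probe(low) is True and probe(high) is False.
    while high - low > 1:
        mid = (low + high) // 2
        if probe(mid):
            low = mid
        else:
            high = mid
    return low


def path_mtu(payload):
    """IPv4 path MTU implied by the largest ICMP payload that got through."""
    return payload + IPV4_ICMP_OVERHEAD


if __name__ == "__main__":
    host = sys.argv[1]  # outside public IP of the firewall
    best = largest_df_payload(lambda size: windows_df_ping(host, size))
    if best is None:
        print("No DF ping got through; the problem is probably not MTU.")
    else:
        print(f"largest payload {best} bytes -> path MTU {path_mtu(best)} bytes")
```

A single lost ping reads as "too big" here, so repeat the run before changing the workstation MTU.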