Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

ASA5505 easy vpn client problem

I have a ASA5505 acting as a VPN client, peering to a easy VPN

server PIX515 with version 7.2 . I have got two problems:

1. Once the ASA5505 establishes isak SA with the PIX, clients behind

the ASA5505 lose their connections to the Internet;

2. I have configured backup server (such as another PIX515) on the

PIX515.But even when I disconnect the PIX from the net, the SA betwenn

the PIX and the ASA5505 still exist, untill I use the clear crypto isa

sa command, then the ASA5505 can connect to the backup server. What I

need is: As soon as the PIX515 is disconnected, the ASA5505 will

immediately switch the backup server without clear crypto isa sa


To the first problem, I know there is a command under group-policy

should be configured, split-tunnel-policy tunnelspecified ,but it

seams not to work.


Re: ASA5505 easy vpn client problem

for the split-tunnel make the the following acl instead of group1 acl

access-list 1 permit

then apply it to the group-policy for siplit tunnel

for second question change the tunnel keep alive time

good luck

if helpful Rate

CreatePlease to create content