Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA5505 EasyVPN client fails to detect broken VPN tunnel

Hey guys,

I have a bunch of ASA5505s that act as EasyVPN clients and running ASA 7.2(4). My problem is that some of them have an unreliable Internet connection that is, there are some minor interruptions in service. After those interruptions, I find them (ASAs) in the following state: the IPsec tunnel doesn't work (no traffic goes through the VPN tunnel), but the state of the tunnel is AM_ACTIVE. In order to make it work again, I have to disable "EasyVPN client" on the ASA and then re-enable it again. I've been trying to find a solution to this problem, but didn't succeed. Looks like there's no way to enable Dead Peer Detection on an ASA 5505, and you can't schedule to execute a script or issue a command either. If someone has any suggestions or thoughts on how to solve this problem, your help will be greatly appreciated.

Everyone's tags (4)
1 REPLY

Re: ASA5505 EasyVPN client fails to detect broken VPN tunnel

DPD is enabled by default  unless it has been disabled, perhaps  you may want to check your tunnel  groups to ensure this is not the case and look into other causes .

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml#Solution4

http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/i3_72.html#wp1732140

823
Views
0
Helpful
1
Replies
CreatePlease login to create content