Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

Load-balancing on ASA with EzVPN clients

I'm having problems with routers using ExVPN client connected to a pair of load-balanced ASA 5520's periodically not passing traffic accross the tunnel.

What I'm seeing is that the tunnel never goes down (show cry isa sa) shows the tunnel up on both ends, but I can't ping anything from the router side or the ASA side. To temporarily fix the problem I force a logoff via the ASDM, the routers connect right back up to the ASA and start passing traffic.

I have about 20 sites and typically they will pass traffic for 4 to 6 hours then stop passing traffic for 4 hours, then start back up for 4-6 hours I believe they will keep repeating this indefinitely but I only had a weekend to test. What is interesting is that they will all stop passing traffic at different times 7:30pm 7:40pm , But they will all start passing traffic at the exact same time (based on our network monitoring software).

If I remove load-balancing from the ASA's and change the peer address on the client to the physical address of the ASA, these problems go away .

Cisco 871 EzVPN clients in NEM  12.4.24.t2

ASA's are on 8.2.2

Any Ideas

Mike Iversen

244
Views
0
Helpful
0
Replies
CreatePlease to create content