I have a bit of a problem with my site to site vpns. I work for an IT support company that manages a client’s infrastructure. Company X (the client) has two offices, the main office hosts the DC, file, DNS and exchange servers. The second office has a DNS server and a DC for local logins. The two offices are linked between a site to site VPN. The second office uses the VPN to access files but most important the exchange server for emails. The problem is a user’s outlook won’t be able to connect to the exchange server, this will happen randomly.
The user can still access internet, ping any server across the vpn link but they just won’t be able to connect to the exchange server for about 2-5 minutes. My questions is for the second office when users have to cross the vpn link to get email from the exchange server could the vpn be stopping the users exchange session? The users in the main office are not at all affected by this.
I just want to know if it is at all possible for the vpn or router to stop a user’s ability in accessing the exchange server for a short time. No exchanges have been made to the configs and this has only started in the past 6 months, VPN and servers have been active for 2 years now.
What debug could i run to test for dropped sessions/packets across the vpn link
Not very likely that VPN (the feature) would be o blame in situation like this. Unless, you're using VPN filter (or similar features).
Now if the VPN is terminated on firewalls check the deep packet insection policies, on ASA's for example you will have inspect SMTP which could affect outgoing email (not really fetching your emails from server).
Start by inspecting syslogs from VPN devices around the time people have reported problems. :-)
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :