10-06-2013 08:28 PM - edited 02-21-2020 07:12 PM
Hi,
I have a strange problem afflicting all of my remote access VPN users to a 5510. The clients include the Windows Cisco client (latest version), VPNC for Windows, and the built-in OS X client. All seem to be equally impacted.
The tunnels are initially established and pass traffic correctly. At some point, they stop allowing new TCP connections or pings. An existing SSH connection is still responsive, but you cannot establish a new one and you cannot ping an inside host. If you cycle the VPN connection, all is well again.
This happens anywhere from twice a week, to 3 times a day. It doesn't seem to correlate with time of day, network load, or remote network. When it happens, there's nothing in the logs on the client or server side to indicate a problem.
This is ASA software version 8.4(4)1.
Any suggestions as to what the cause may be? Or the best way to track it down?
Thanks,
Chris Holt
10-06-2013 11:42 PM
Have you checked the log on the ASA when this happens?
logging on
logging buffered 7
10-10-2013 09:38 PM
I've turned on logging to capture to a syslog server not at level 7. I've also managed to correlate the problem to the logout of another VPN session from (the same or a different) user behind the same NAT device (Netgear Wi-Fi router/cable modem in this case, although it can vary).
So my reproducible failure case is this:
1. Connect 2 clients from behind the same public IP.
2. They both work fine.
3. Disconnect 1 of them.
4. The other will be able to maintain any existing TCP connection through the VPN but not establish new ones.
Now for the really weird part:
If I reconnect the second client, then my first client is suddenly fixed!
I do have "crypto isakmp nat-traversal 20" in my config. That was the most common answer I found regarding problems with multiple VPN users behind the same NAT.
Any suggestions?