Re: ASA 5510 as VPN Hub

logintck · ‎04-20-2009

I am a new of ASA. I setup several VPN tunnels between Data Centre, Headoffice, Site A and Site B. (Pls refer attachment)

Alls VPN tunnel are up. when I setup ASA in head-office as "VPN hub" so that Users in Site A and Site B are able to access the resources in Data Centre through ASA 5510

Everything is fine excecpt that the tunnel between Site A and Data Centre. Users are able to access the resources in Data Centre for 6-7 hrs only. Then, the VPN tunnel is dropped. When it happens, I checked that the VPN tunnel between Site A and head office is UP.

How to rebulid the the tunnel between Site A and Data Centre. I manually logoff the VPN tunnel and Data Centre with ADSM and let it up again.

If I don't do that, the tunnel between Site A and Data Centre will NOT resumed.

This is annoying for me. :(

Anyone has similar experience?

andrew.prince · ‎04-21-2009

I have seen this issue - when using IOS 8.0(3/4) code and using the reverse route injection on the crypto map settings.

Check your config at both ends - and compare against site B if this tunnel has no issues.

HTH>

logintck · ‎04-21-2009

Thank you for your reply.

What is reverse route injection?

During the Tunnel is down, I check real time log. I found that

Syslog ID: 106015

Deny TCP (no connection) from Site A IP/3510 to Data Cente IP/5060 flags RST on interface outside

andrew.prince · ‎04-21-2009

Not being nasty of anything - if you have to ask what it is, you do not have it configured and it's not part of your issue.