Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
560
Views
0
Helpful
3
Replies

ASA Easy VPN Connection Issue

Go to solution
edisonbbs
Level 1
Level 1

‎02-02-2011 05:16 AM

Hi Guys,

I configured Easy VPN between 5510 and 5505. Every thing looks fine, however, if there is no traffic in the tunnel in next few hours, I can not initial traffic from 5510 to 5505 (client). But if I initail traffice from 5505, there is no problem.

Is anyone know why?

Thanks

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Bastien Migette
Cisco Employee
Cisco Employee

‎02-02-2011 05:54 AM

Hello,

This behavior is normal, this is part of the easy vpn feature. The 5505 will act as a remote vpn client to the 5510. It's not like with a site to site vpn where both ends know the IP of the remote peer, and so that each peer can initiate the connection, here the 5510 will only know about the 5505 IP and network when it will connect via easy VPN.

If you want the tunnel to be established from both ends, I would suggest that you use a classic site to site connection as described here:

http://www.cisco.com/en/US/docs/security/asa/asa80/getting_started/asa5505/quick/guide/sitesite.html

I hope this help.


Regards,
Bastien

View solution in original post

0 Helpful

Go to solution
Bastien Migette
Cisco Employee
Cisco Employee
In response to edisonbbs

‎02-02-2011 06:00 AM

No problem, if that answer your question, please mark the topic as answered and/or rate the useful posts

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Bastien Migette
Cisco Employee
Cisco Employee

‎02-02-2011 05:54 AM

Hello,

This behavior is normal, this is part of the easy vpn feature. The 5505 will act as a remote vpn client to the 5510. It's not like with a site to site vpn where both ends know the IP of the remote peer, and so that each peer can initiate the connection, here the 5510 will only know about the 5505 IP and network when it will connect via easy VPN.

If you want the tunnel to be established from both ends, I would suggest that you use a classic site to site connection as described here:

http://www.cisco.com/en/US/docs/security/asa/asa80/getting_started/asa5505/quick/guide/sitesite.html

I hope this help.


Regards,
Bastien

0 Helpful

Go to solution
edisonbbs
Level 1
Level 1
In response to Bastien Migette

‎02-02-2011 05:59 AM

Thank you so so much for your information.

I will have look it.

0 Helpful

Go to solution
Bastien Migette
Cisco Employee
Cisco Employee
In response to edisonbbs

‎02-02-2011 06:00 AM

No problem, if that answer your question, please mark the topic as answered and/or rate the useful posts

0 Helpful
Customers Also Viewed These Support Documents