05-08-2008 02:17 PM
My network looks like this:
Dynamic Public IP:ISP Router:NAT<----->DHCP:ASA 5505:Private LAN
The above ASA connects back to a 3005 Concentrator using EZVPN.
The problem I am having is when the ISP connection sometimes drops, the ASA EZVPN does not instantly try to reconnect once the internet connection is reestablished. It eventually does, but sometimes it takes hours.
I know you can manually force it to reconnect by browsing to the ASA's webpage, but I don't users to have to do that all the time.
Is there a VPN connection retry command for the ASA EZVPN Client?
Also, when I power off and on the ASA, the VPN connection comes back up fine. Again, it would be ideal if users did not have to do that all the time.
Thanks
05-14-2008 05:58 AM
check if 'connect auto' has been configured to automatically bring the tunnels up when down. Have a look at this bug:CSCec87805
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800945cf.shtml
05-14-2008 06:21 AM
is nem enabled? split tunneling?
vpnclient nem-st-autoconnect
make sure you also have the groupname/preshared key configured, and username/passwd if using xauth.
05-14-2008 07:03 AM
Here is my vpnclient config:
vpnclient server *************
vpnclient mode network-extension-mode
vpnclient nem-st-autoconnect
vpnclient vpngroup ***** password ********
vpnclient username [domainuser] password [domainpassword]
vpnclient enable
Am I missing something? Split tunneling is specified on the Concentrator side and is working when the tunnel is connected.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide