12-02-2009 04:48 AM
My organisation has a number of overseas offices. We have a Cisco VPN 3015 Concentrator at head office. Our overseas offices have a variety of PIX 506e and ASA 5505 which are used as VPN endpoints.
At the head office we have two subnets - 172.168.0.0/21 and 172.16.9.0/24. The larger subnet is the general network for users, printers etc, with two domain controllers. 172.16.9.0/24 houses the rest of our servers.
Three of our offices, one using a PIX 506e and two using ASA 5505, periodically lose connectivity to hosts in the 172.16.9.0/24 subnet, but not to hosts in the 172.16.0.0/21 network. This can sometimes be recovered by reloading the config of the endpoint device. Sometimes it recovers by initiating traffic (for example ssh'ing to the endpoint, then doing ping inside 172.16.9.1). Sometimes the connection comes back by itself.
The other 8 offices do not have this problem. I can find no significant difference in the config on the endpoints.
I'm not really sure the best steps to take to troubleshoot this further. Has anyone else come across a problem like this?
DunxD
12-02-2009 04:52 AM
I forgot to mention that we are using EZVPN on all the endpoints.
01-15-2010 05:10 AM
I am having the same exact issue with 2 ASA 5520s. I can recover the routing by sending a packet from the endpoint using the packet tracer within ASDM. I didn't notice it until after I updated the ASA code to 8.0 (3). I will be following this for an answer.
01-18-2010 02:38 AM
Still getting this. After doing a ping from the inside interface to a host on the vlan concerned, it seems to stay up for 20 minutes then drop.