09-12-2011 04:14 AM
Hi,
We currently have two ISP's in our office. Our internet access is load balanced over the two. When using one ISP we have no problem connecting to the VPN but if we are going out over the other ISP the client fails to connect and gets stuck on contacting the security gateway.
I am attaching two log files. One called connected and the other called not connected. If anyone could shed some light on the problem it would be greatly appreciated.
Regards,
Niall Lynch
09-12-2011 12:06 PM
If I'm understanding correctly, you should be pointing to the IP of the backup line but that should be dynamic based on the configuration. There is an option in your SWVPN client to use Backup Servers, that's where you should enter the IP of the other ISP.
Even before any of that happens, what's the failover method, SLA or BGP? My other question is what device is terminating the VPN ASA or ISR?
09-13-2011 01:28 AM
Hi Lee,
Thankyou for your reply. I don't think I explained the situation properly. The VPN connection is not our own. It belongs to another company who host a SAAS environment for us. They supplied us with the Cisco VPN client and the connection details. I don't think there is an issue with the entry of IP addresses. I can access the VPN with one of our ISPs in the office and I can access it from a mobile broadband provider and from my home broadband also and I know that the hosting company do not have IP addresses for either of these connections. I think the issue lies with our other ISP.
I do not know what device is terminating the VPN.
I have tried lowering the MTU value in the client and that did not work. I sent the log files to the ISP whose internet connection will not connect to the VPN but they do not seem to be very knowledgable on te subject.
I thought someone who is used to looking at the logs may be able to spot something that is not so obvious to someone else.
Regards,
Niall Lynch.
09-14-2011 01:59 AM
After alot of searching and experementing I solved this problem this morning.
I disabled transparent tunneling in the client software and it worked.
Regards,
Niall Lynch
Correct answer
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide