[c-nsp] ASA VPN Tunnels

Blake Pfankuch blake at pfankuch.me
Thu Dec 27 18:41:43 EST 2012


I should follow this up with the fact that I cannot just do bridge mode and then put the IP directly on the ASA.  For compliance reasons the only 2 things that can be connected to the ASA are a Cisco phone and a work laptop.  So his home network lives off a Linksys on another port of the DSL Modem.  I should also say I have 18 more in this identical setup using Comcast or similar that have no problems.  Those ones don't even have the DMZ set up and they work fine.

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Blake Pfankuch
Sent: Thursday, December 27, 2012 3:39 PM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] ASA VPN Tunnels

Got a little bit of a tricky one...

I have an existing ASA5510 acting as a remote access gateway, serving AnyConnect VPN clients and ASA VPN Clients.  Almost everyone is having no problems.

I have 1 user who has an ASA5505 set up as a client.  User has CenturyLink DSL at his house.  I had him configure the DSL Modem to provide "DMZ" functions to his ASA5505.  I have turned up the lifetime on the tunnel, as well as the timeout functions.  I have dropped MTU from 1492 to 1300 on the ASA inside and outside.  When it works, it works beautifully, however about every 10 minutes the 5505 drops off the tunnel.  Nothing in logs on either side, just a Tearing down IKE session message.

Anyone have any additional suggestions?
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/