Cisco VPN endpoints disconnecting from a VLAN

Posted by dunxd on Server Fault
Published on 2010-01-26T09:07:44Z Indexed on 2010/04/13 2:03 UTC

I have a number of Cisco ASA 5505 and PIX 506e around the world acting as VPN endpoints. They connect to a Cisco VPN Concentrator 3000 at HQ. I am using EZVPN to set up the VPN (i.e. most of the config is central on the VPN Concentrator). The majority of endpoints work absolutely fine.

However, there are three that do not. 2 ASAs and 1 PIX get disconnected from one of the VLANs on our network. This is the VLAN that my monitoring server runs on - so those endpoints look as if they have gone down. However, I can still ping the endpoints from our user VLAN. If I then SSH onto the endpoint, and do a ping to my monitoring server, the connection comes back. Then after about 10 minutes it stops working again.

I've looked at the configuration of my endpoints, and I can't see any significant differences. One common feature is that the affected endpoints are connecting to the internet via retail-quality routers. However, I don't see how this could affect traffic within a VPN tunnel.

Any ideas or suggestions? I've also got a thread on Cisco's forums at https://supportforums.cisco.com/thread/344638. One other person has reported the same problem.
