Cisco VPN :: ASA5505 Remote Access - Randomly Stops Working
May 9, 2013
I have noticed a problem recently that our Remote Access VPN will randomly stop working. I will be able to connect and enter my Username+Password and it says Connected, but I cannot ping Remote Resources. If I check VPN Client Statistics, it shows Many Packets Sent/Encrypted, but None Received. It seems this problem affects all devices at once, but leaves the L2L tunnels intact.
It seems to randomly start working for a while, and everything seems fine until it stops working again. I verified that it is not a firewall problem, and it occurs on multiple ISPs and computers.
We also have 2 Static L2L Tunnels, and 1 Dynamic L2L Tunnel all of which operate flawlessly. All sites/remote users use split tunneling.
Below is the config, I just added the keepalives on the RA Tunnel to see if it would work, I haven't noticed any difference yet.
ASA Version 8.0(2)
!
hostname HQ-ASA5505
domain-name xxxxx.local
[Code]....
View 3 Replies
ADVERTISEMENT
Oct 11, 2012
Router randomly stops working and sometimes reconnects by it self and sometimes I have to manual reset the router. Also I only get 2-3 bars wireless. Is my router not configured properly or damaged?
View 2 Replies
View Related
Nov 10, 2012
I have a windows vista pc networked to a second pc. I have wirelessly networked internet to 2 laptops. I have an actiontec wireless modem by verizon. All of a sudden my host pc started randomly losing internet connection, but the wireless laptops still have a signal. It seems like the host sometimes can't "see" the modem.Here are my settings while the internet is functioning.Microsoft Windows [Version 6.0.6001]Copyright (c) 2006 Microsoft Corporation. All rights reserved.[CODE]
View 11 Replies
View Related
Sep 3, 2012
I've been using an 802.11 b/g USB wireless network adapter card with my computer to use in conjunction with an AT&T 2Wire router,which is about 20 or 30 feet away off in another room.After about 10 minutes on average, the adapter will stop transferring data suddenly, and it will stay that way for a while. If I do nothing, then sometimes it will start up again after several more minutes, but instead of waiting, I usually will select "Repair" from the Wireless Network Connection pop-up menu, which also works to get it started again. The problem though, naturally, is that after another little while, like about 10 minutes again, it will short out all over again. Sometimes, very rarely, it will stay working for up to maybe an hour, and sometimes, it can short out yet again within a few seconds.
View 9 Replies
View Related
Oct 5, 2011
I just bought the E4200 routher at best buy a few weeks ago. I got it all setup how I want it. Its been working fine then about a day ago it started to stop working at random. All internet just stops working. Wired and Wifi. I have to either wait for it to work again or restart the router.
View 7 Replies
View Related
Aug 17, 2012
I am trying to figure out whats wrong with my parents apple airport router. Its connected into an Arris TM402P/110 cable modem. It randomly stops working, the network is there and shows up fine but you cant connect to it. It might work for a day or 2 and then just stops. I am trying to figure out if there is a configuration issue or the airport hardware is just failing. I am not sure where to start troubleshooting. The event log for the modem isnt much help, the following message shows up occasionally:
No Ranging Response received - T3 time-out
Whats interesting is my mom plugged her desktop right into the cable modem and then after plugging it back into the airport the wireless was working again. Is it possible there is a DHCP issue? If the hardware is failing what would be a good replacement for the airport?
View 2 Replies
View Related
Dec 3, 2012
Region : Argentina
Model : TL-WR1043ND
Hardware Version : v1
Firmware Version :
ISP :
Region : UnitedStates
Model : TL-WR1043ND
Hardware Version : v1
Firmware Version : 3.13.12 Build 120405 rel 33996n
ISP : Verizon Fios
(My router says Version 1.9).Had this router about a month. It works fine. Using it in Wireless mode wpa2 security. Get excellent speeds. HOWEVER> It freqently drops connectivity and fails to allow wireless clients to connect at all. (You can see the SSID via wireless clients, but not connect to it). To restore it, I have to disconnect from Power, wait a moment, then reconnect to power. It recycles and connections are working again with no problems (UNTIL NEXT TIME). Seems to happen every few days.
I checked the web site and I appear to have the most current firmware.I have a Trendnet router on different channels in another part of the house which has never had this problem. I disconnected it to test if it was somehow involved, but the TP-Link router had same symptoms when it (trendnet) was not connected. Our Actiontec Router (VERIZON provides this as base connectin to them serving the Cable TV DVRs also) ) has its wireless disabled and is the DHCP server provider to the home network. DHCP is disabled on the TP Link.
View 14 Replies
View Related
Jul 28, 2011
I have a ASA 5505.|I configured it for remote access VPN from cisco VPN client.the ASA receives a public ip address on outside interface via PPPoE.I can connect to public ip of outside interface and address 10.1.1.2 is assigned to my Cisco vpn client.the problem is that I Cannot ping or reach ASA internal IP address 172.16.29.1 in any way when I am in VPN from outside,while I Can ping other hosts on 172.16.29.0/24 when connected in VPN.this is a problem brcause when I am connected in VPN to ASA I Cannot configure it..Then I Wanted to ask if it is possible a configuration which gives addresses from network 172.16.29.0/24 (the same as inside network) to VPN clients instead of another network (10.1.1.0/24) [code]
View 1 Replies
View Related
Jan 23, 2013
I have the following config below on my ASA5505, where I want to be able to access remote computers who are VPN'd into the inside network, for support purposes.I want to be able to ping the VPN ip from the LAN, and be able to connect to these computers via the VPN ip. [code]
View 4 Replies
View Related
Feb 2, 2012
I have configured ASA 5505 for remote access VPN to allow remote user to connect to the officce LAN from remote locations. VPN working fine, users can access offce LAN and sahred resource etc but once they connected to VPN, they can not browse the internet ? Internet browsing stop working as soon as their VPN client connnect with ASA 5505 t, once they are disconnected from the VPN , again they can browse the internet.
Does ASA 5505 blocks the internet browsing for VPN users ? Is there anything else I need to congfure to make sure VPN users can browse internet? Do I need to configure Split Tunnleing , NATing or routing for the VPN users?
View 3 Replies
View Related
Apr 3, 2013
I have a brand new ASA 5505 running version 8.2(5). Got connected with the ASDM and ran the setup wizard and the remote access VPN wizard. I am not able to ping the outside interface from the internet, and my VPN client gets no response when trying to connect.
View 5 Replies
View Related
Jun 2, 2013
I have setup a Remote access VPN on my ASA5505 firewall through the ASDM wizard.I can successfully connect with the Cisco VPN client. My firewall also shows me the VPN session and shows incoming Rx packets. However, Tx packets remain 0, so no traffic is going out. My ASA5505 is configured as router on a stick with 25 different VLAN's. I want to restrict traffic to one specific VLAN using a crypto map.When I issue a ping -t command on my connected Windows box, the firewall log shows me the following message:
"IKE Initiator unable to find policy: Intf outside, Src: 10.7.11.18, Dst: 172.16.1.1."
"This message indicates that the IPSec fast path processed a packet that triggered IKE, but IKE's policy lookup failed. This error could be timing related. The ACLs that triggered IKE might have been deleted before IKE processed the initiation request. This problem will most likely correct itself." [code] I have really no idea what's going on. I have setup a Remote access VPN countless times but this time it shows me the error as described above.
View 5 Replies
View Related
Sep 28, 2011
We have two sites connect with an IPSec L2L VPN.
-Site A: 192.168.13.0/24
-Site B: 192.168.2.0/24
On both sites we have a ASA5505(Base license) to terminate the tunnel.On Site B we also got a remote access vpn to which we can connect using the vpn client.The lan2lan tunnel works fine and so the remote access vpn.Now i want to connect to Site A using my vpn client connected to Site B. [code] There are no vpn-filters or other special policys in place..If tried to ping from my vpn client to Site A while i was debugging ipsec 255 on site B: the asa matched the l2l-tunnel for traffic sourced from 192.168.25.x to 192.168.13.x but when im doing a show crypto ipsec sa detail there are no packets getting encrypted..so of course no packets reaching my asa on site a.
View 9 Replies
View Related
Jul 11, 2012
I have a network with 3 sites that are on different subnets. Each site has an ASA Right now, I am only able to connect to the ASA that is connected to the subnet I am connected to.I want to be able to connect to the ASA that are on the remote subnets on the address of the inside interface.The sites are connected all together by site-to-site VPN.Is there any way I can achieve that without opening the outside interface directly on the Internet?
View 2 Replies
View Related
Sep 13, 2012
I am trying to access and ping the inside interface of a ASA5505 from a remote network. From the remote network, I am able to access anything on the local network, but the ASA5505 inside interface.The 2 networks linked by a fiber link which have a transport network on another interface. From the remote network, I am able to ping the transport network interface IP, but I would like to be able to ping the inside interface IP. When I do a packet tracer, I get a deny from an implicit rule.How can I achieve that?
Here are the subnets involved and the ASA5505 config.
Remote network : 10.10.2.0/24
Local network : 10.10.1.0/24
Transport network : 10.10.99.0/24
[code]....
View 1 Replies
View Related
Jun 5, 2012
I have an asa5505 with software version 7.2(3) that randomly stops responding. The firewall sits in front of a public facing webserver that handles a significant amount of traffic.I was wondering that would happen when the asa5505 reaches or exceeds the 4000 connections per second limit... i.e. would this possibly explain why my asa5505 stops responding and requires a power cycle in order to start working again. when it "crashes" it does not respond on either the outside or inside interfaces.
View 5 Replies
View Related
Feb 26, 2013
We have a situation with 20 4410N's They are connected through a 2960 switch. They runned for about a year with no problems. We use the WiFi system with 10 cisco wireless ip phones, several workstations (5-10) and a few mobile devices.
Three weeks ago we took 10-15 iPads in commission (almost equally divided over the AP's), since then the trouble started. Several accesspoints stop randomly responding a few times a, day. We updated to the latest firmware (2.0.4.2), but that did not solve the problems.
Were using 3 SSID's WPA2 encryption and fixed IP's for the AP's. If we can't get a hold on this we have to replace all the AP's by other ones.
View 2 Replies
View Related
Feb 26, 2013
My internet works fine but after a random period of time, usually 20-30 minutes the internet stops responding. I have ran a diagnostics test using the Intel PROset/wireless tools program and it states on the ping test that there is no response from the default gateway and the DHCP server.
View 3 Replies
View Related
Mar 30, 2011
I just bought a dlink 655 from amazon and for some reason the router stops broadcasting on wifi. I cannot connect to it through my laptop or ps3. The only thing that fixes this is removing the plug from the back of it and putting it back in, once i do this, the SSID shows up once again and all is well until the next day (or 2 days after)
View 2 Replies
View Related
Nov 5, 2011
We have a Cisco 1811 which is running a number of different services. Let me try and explain how everything is working first.
On routed port 0, we have a statically configured fiber connection which routes a public /28. No BGP, etc just default routes. The /28 is divided into a two /29's, once of which is routed to Vlan3.
On routed port 1, we have a PPPoE DSL connection, with a single static IP.
Vlan1 is a 192.168.1.x subnet
Vlan2 is a 192.168.2.x subnet
Vlan3 is a y.y.y.x/29 subnet(the routed subnet)
Vlan1 and Vlan2 PAT the static fiber IP(not the other /29) along with the DSL. The other /29 is used for a few static NAT translations and SSLVPN
There is a zone based firewall in play, as well as a few route-maps to redirect traffic out certain interfaces on the inside.
The problem is, the fiber IP randomly stops responding to ping/ssh, however I can ping the interface IP assigned to Vlan3 from the WAN. DSL never loses connection in this manner.
I can normally reestablish "normal" connectivity by connecting to the DSL and bringing down the fiber and routed vlan in a specific order.
View 2 Replies
View Related
Aug 19, 2012
This happens intermittantly. This results in most connections (but not all) being dropped. I will be unable to connect to web servers. My connection to videogame servers will drop. However, AIM will stay connected. These were done simultaneously. The same thing happens with my Cisco AE1200 and a D-Link 802.11g adapter I have. Disconnecting my adapter and reconnecting it solves the problem. I have tried doing a factory reset on the router and installing the latest firmware. It seems to happen more frequently when I am doing a lot of throughput (downloading a game on Steam, for instance) but other times it will happen when all I am doing is playing a game (like Tribes Ascend) which uses very little data. This is extremely frustrating. When I pay more than $150 for a piece of networking equipment, I expect it to last more than 3 years.
View 4 Replies
View Related
Jan 16, 2012
I have downloaded netflix on our wii. We have a E1000 Linksys router.
While watching anything on Nextflix, the movie stops every 2 minutes and began loading again.
View 2 Replies
View Related
Jun 3, 2012
I'm attempting to configure an for both site-to-site and remote access VPNs. The site-to-site is working fine, however when I connect using the Cisco client, after initial connection and password prompt I get a "not connected" status. The log states that a policy map match could not be found. I have successfully set the unit up for remote access with no site-to-site and ran into another host of issues when adding the site-to-site to the working remote access config, so I started over setting up site-to-site first. I've attempted this through ADSM (hate it) - the current configuration is via CLI. I'm certain I'm just missing a piece or two.
View 2 Replies
View Related
May 27, 2011
I have setup a remote access on our 1841 device, with split tunnel.
now i am able to connect via the vpn tunnel, and even ping and telnet into the cisco device, but when i try to ping any device past the 1841, the ping fails and no traffic is even been encrypted to go over the vpn traffic (looking at the vpn client statistics).
From the ciscos side, pings to the vpn client is failing, yet i see the vpn client in the routing table.
Here is my config:
cisco1841#sh run Building configuration...
Current configuration : 7682 bytes!version 12.4service timestamps debug datetime msecservice timestamps log datetime msecservice password-encryption!hostname cisco1841!boot-start-markerboot-end-marker!logging buffered 51200
[Code].....
View 4 Replies
View Related
Sep 7, 2011
I'm trying to achieve framed-ip-address/static ip address for some remote access vpn clients and ip allocation from pool dynamically for remaining remote access vpn clients. I've configured my asa [URL].
I'm using local database for user authentication. Remote users can connect and always gets IP address from pool only and never gets the framed-ip I configured for those particular users.
View 3 Replies
View Related
Apr 24, 2013
i have a 876 Router, connected to the Internet and a VPN. From inside i would like to pass all traffic destinied to 192.168.0.0 255.255.255.0 to the VirtualPPP IF and al the other to the Internet (vlan2) I have created this rule, but after applying ist works only for about 30 to 60 seconds. after that only the Internet reachable. Everytime i do a clear ip nat trans * both Interfaces will work für 30 to 60 secs again...
This is the relevant part of the cfg
ip nat inside source route-map Di1 interface Virtual-PPP1 overload
ip nat inside source route-map VLAN1 interface Vlan2 overload
!
access-list 1 remark CCP_ACL Category=2
[Code].....
View 5 Replies
View Related
Aug 4, 2011
I have been searching for days trying to find out what could be wrong with the configuration of an ASA5505 running Firmware version 7.2(2). I am trying to set up a hairpin connection between my laptop on the VPN tunnel (192.168.25.12) to access the server across the L2L VPN (192.168.1.10) on the diagram below.
The remote VPN function is working, as I can RDP to the 192.168.25.10 server from my laptop, and the L2L VPN is working since I can RDP from server 192.168.25.10 to server 192.168.1.10. I am trying specifically to run RDP from my laptop without having to log into the .25 network.
I have tried multiple changes to my NAT tables and my ACL configurations to no avail.[code]
View 8 Replies
View Related
Apr 3, 2012
We currently have a few 5505s installed at client sites which are connected via s2s ipsec VPN to our datacenter's 5510. We are using Nagios to monitor the local data center and remote client infrastructure (over the VPNs) which has been working well.
We would like to also monitor the remote 5505s using SNMP over the s2s tunnels but it doesn't seem to be working, the connection is timing out. We've configured the remote 5505s with the same snmp statement we used on the 5510 (snmp-server host inside <remote datacenter IP> poll community ***** version 2c) yet the Nagios SNMP check cannot connect to the remote 5505s. We've also tried the command using 'outside' without any luck, not sure how to get SNMP to route over the VPN.
View 15 Replies
View Related
May 23, 2011
How to remotely changing ip address for my ASA5505.
View 1 Replies
View Related
Oct 13, 2011
I have a (central) ASA5510 acting as a EasyVPN server and a number of (remote) ASA5505 as EasyVPN client. All the communication works fine between the different networks. The issu is the ASA itself. The remote ASA can ping the central ASA on it's internal IP-adress, but it can't ping any other resoruces at the central network. If I ping the DC at the central network from the remote ASA I get a deny in the central ASA with source address as the public IP-adress of the remote ASA and destination of the internal address of the DC. If I from the remote ASA do "ping inside ip-of-central-dc" it work's like a charm, but "ping ip-of-central-dc" dosen't work.
View 3 Replies
View Related
Feb 27, 2013
I'm having a Issue getting my VPN up from out remote site . We have a ASA5505 at the remote site and the Main office we have a PIX-515E.. I followed this temp config I found on line but Im still not able to get the VPN UP..
This script can be used to get you started on a site to site vpn using the older Cisco PIX code. PIX running 6.3 ! ^^^^ Set ISAKMP (phase 1) parameters ^^^^^ {code]...
When I log into the ASA and run these commands This what I get
Colort2# sh run crypto isakmp
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
[code]...
View 1 Replies
View Related
Mar 5, 2012
I have a cisco asa 5010 where, during the process of configuring, the outside ports become down/down. The /0 port won't even reactivate after cycling power on the unit.Port /1 is the inside interface and it is not affected by the problems.I switched the outside port to port /3 and it worked for awhile then it stopped working. I switched it to Port /2 and the same thing.Port /2 and Port /3 are on after a power recycle but shut down completely (down/down) during the reconfiguration. It seems like a hardware failure, but I'm wondering if it could be anything else.
View 4 Replies
View Related
Jul 19, 2012
I recently setup a site to site vpn between a asa 5510 and router 1921. It was working great all night and this morning. When traffic stopped rolling through for a few hours the tunnel shutdown. I checked the router using cisco configuration and tells me the tunnel is up. When I check the asa it does not show up in the active tunnels. Any know what would cuase it to drop? and if so what can I do to avoid it.
View 6 Replies
View Related
