Very Strange VPN problem with ASL4 and ASL5.
Description:
1) Site to site config with some Dynamic VPN clients.
2) ASL4 at office location
3) ASL5 at remote site.
4) The ASL4 at the office is behind 2 routers that perform NAT (vpn pass is enabled on them)
5) ASL5 in remote site has real IPs.
6) I am using RSA key on both FW's
7) NAT-T is enabled on both firewalls (is it correct?)
8) IPSEC = AES_PFS
9) On the ASL4 I have 3 tunnels :
A) LAN -> remote LAN
B) DMZ+DMZ2 -> remote LAN
C) Remote VPN clients
10) On the ASL5 I have 2 tunnels (opposite pairs of A and B)
Problem:
The remote site tunnels are working, but they are not stable. If they crash, I need to reboot both firewalls in order to enable the VPN, and sometimes I can't even enable them...
Today the VPN worked for 6 hours and then it crashed...
It is so problematic that I am not using VPN at this point.
Any pointers on how I would make it more stable?
PS - look at the attachment (network diagram)