

Cisco ASA remote access VPN issues

Posted on 2011-10-12
Medium Priority
Last Modified: 2012-05-12

I have recently deployed remote access VPN services on our Cisco ASA 5510 firewall. It seems that some services are randomly blocked when on VPN; for example, an RDP connection to an internal server disconnects when left idle for 5 minutes, and then you can't even ping the server from the VPN connection.

The ASA device also has an IPS module, an AIP SSM-20, with up-to-date signatures. I am not currently able to view the IPS through the ASDM / IDM interface, so I am guessing there could be an issue with it. I am able to SSH to the management port on the IPS module, though, and when I run a show health command it says that the overall health status is red. I am guessing this cannot be good?

I have the ASA and IPS events being logged to a Cisco MARS central syslog server. I have viewed the events sourced from these devices in MARS, and I am seeing many packets being dropped for traffic that should really be permitted. In particular, I see these 2 events: packets shunned, and deny packet - no xlate.

Like I said, the events above are occurring on traffic that should be allowed as per the configured security policy on the ASA.

Does anybody know what might be causing this? Maybe it is something that needs tuning in the IPS module, but as I said, I can't connect to it at the moment due to some unknown issue. Maybe the IPS module needs a reboot?

Any help on any of the above or any suggestions would be greatly appreciated.

Thanks in advance.
Question by: L-Plate

Accepted Solution

mrklaxon earned 1000 total points
ID: 36955347
We have the same setup and of course it can work. Obviously it does appear to be the IPS causing the issue. You could disconnect it and/or set the ASA to not use it. The IPS is a plug-in module in the ASA but is more or less its own computer and has its own IP. Do you have that? Do you have a TAC support contract?

From your ASDM on the 5510, go to CONFIGURATION > FIREWALL > SERVICE POLICY RULES and disable the service policy rule that is diverting traffic to the IPS module.
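
The CLI equivalent of the ASDM step above, added here as an illustration and not taken from the answerer's own configuration. It assumes the ASA's default layout of the IPS redirect living under `class-default` in `global_policy` and the AIP-SSM in slot 1; confirm the actual policy-map, class and slot names on the box first, because they may differ. The one thing worth checking before touching anything is the fail mode on the `ips` line: `fail-open` lets traffic through when the module is down or unresponsive, whereas `fail-close` drops it.

```text
! 1. Look at what currently sends traffic to the module and how it is set to fail.
!    (assumption: policy-map global_policy / class class-default)
ciscoasa# show running-config policy-map
ciscoasa# show service-policy

! 2. Module state as the ASA sees it (slot 1 assumed).
ciscoasa# show module 1 details

! 3. Shuns currently installed on the ASA, to compare with the
!    "packets shunned" events seen in MARS.
ciscoasa# show shun

! 4. Temporarily stop diverting traffic to the module. This is the same
!    change as disabling the service policy rule in ASDM. Note the exact
!    original "ips ..." line from step 1 so it can be put back unchanged.
ciscoasa# configure terminal
ciscoasa(config)# policy-map global_policy
ciscoasa(config-pmap)# class class-default
ciscoasa(config-pmap-c)# no ips inline fail-open
ciscoasa(config-pmap-c)# end

! 5. Reboot the module from the ASA side rather than from its own SSH session.
ciscoasa# hw-module module 1 reset

! 6. Once "show module 1 details" reports the module Up again, restore the redirect.
ciscoasa# configure terminal
ciscoasa(config)# policy-map global_policy
ciscoasa(config-pmap)# class class-default
ciscoasa(config-pmap-c)# ips inline fail-open
ciscoasa(config-pmap-c)# end
```

The `IPS:` line in `show service-policy` output reports the card status and the inline/promiscuous mode together with the fail-open or fail-close setting, along with input, output and drop counters for the redirected traffic, so it is the quickest way to tell whether traffic is still being handed to the module and whether the module is dropping it.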

Author Comment

ID: 36955401
hi mrklaxon,

Thanks for the quick reply. First and foremost, I think I should reboot the IPS module. I can probably do this by SSH connecting to the management IP address on the IPS module.

Would you recommend that I disable the service policy rule before I do the reboot?

Assisted Solution

by: Robert Sutton Jr
Robert Sutton Jr earned 1000 total points
ID: 36955415
If this was up and running and you recently started having this problem, take a look at the following article. Not 100% sure if this pertains to your issue, but since it is VPN related on an ASA, this was part of a recent vulnerability listed by Cisco on 11/6/2011.


Expert Comment

ID: 36955630
If you think a reboot is a fix, I would do that first; you don't want 2 fixes applied and then wonder which one fixed it. Removing the IPS config on the ASA is only a temporary testing solution and has nothing to do with being able to access its management interface; it is only to verify that it's causing the block.
