I just upgraded my pix 506 to an asa 5505. I had 3 site to site VPN's previously set up. 1 dynamic and 2 static. All VPNs have functioned well with the 506. I noticed after the cut over to the ASA my VPNs kept dropping connections, and the dynamic VPN would not hook up at all. (I had to grab the temporary assigned IP to and make it a static VPN just to get her up; this is something I am working out later) Oh, every VPN is setup straight to a PIX 501
My question is with the VPN's dropping. When I went to the ASA, I changed my global command to only include 68.75.X.YZ ; I did this so I could free up some of my usable IP's since I was running out. Well of course the VPNs were dropping connections but then reestablishing themselves.
So to alleviate this (my attempt to) I added back in the rest of the IP's to match the config that I had in my 506. So my question is, would reducing the number of IPs issued by the global command force the VPN connections to drop? We only have about 50 users internally.
THis is my config now:
global (outside) 1 68.75.X.XX-68.75.X.XX global (outside) 1 interface global (outside) 1 68.75.X.ZX global (outside) 1 68.75.X.YZ nat (inside) 0 access-list VPN nat (inside) 1 10.0.0.0 255.255.255.0 nat (inside) 1 0.0.0.0 0.0.0.0
This is what it was
global (outside) 1 interface global (outside) 1 68.75.X.ZX nat (inside) 0 access-list VPN nat (inside) 1 10.0.0.0 255.255.255.0 nat (inside) 1 0.0.0.0 0.0.0.0
Thanks for any NAT/PAT/VPN insight.
Justin.