vpn issue

livenliven Member Posts: 918
Ok so I got an asa that lost power and is back up.

No config changes, but the VPN is toast.

No isakmp or ipsec communication is being generated or sent to the distant end... I see all kinds of isakmp stuff coming from the distant end to the asa that is having issues...

Once again no config changes.


I ripped the vpn config out and put it back in... Still nothing... no denys, nothing....

anyone?
encrypt the encryption, never mind my brain hurts.

Comments

  • gojericho0gojericho0 Member Posts: 1,059 ■■■□□□□□□□
    do you have any syslogs or error logs giving out any specific information or errors ?
  • NetstudentNetstudent Member Posts: 1,693 ■■■□□□□□□□
    make sure the crypto map is set to Bidirectional on the ASA and do a ping from the inside to the remote site.

    Do a debug crypto ipsec sa and debug crypto isakmp sa on the remote site if you can access the remote site and post it. Also check your scroll log messages in ASDM while you are pinging.

    Send us the config too.

    It could be that some changes were made to stabilize the VPN but those changes were never committed to flash.

    If the remote site is an IOS router then check the show crypto ipsec security-association lifetime command. IOS defaults to 3600 seconds and ASA defaults to 8 hours. Sometimes those can cause a probelm.

    we need to know what this "all kinds of isakmp stuff" is to help you. ARe you getting past Phase1? getting quick mode errors in pahse 2?
    There is no place like 127.0.0.1 BUT 209.62.5.3 is my 127.0.0.1 away from 127.0.0.1!
Sign In or Register to comment.