Solved

ASA 5505 and connection profiles

Posted on 2009-03-29
6
936 Views
Last Modified: 2012-05-06
I already have a stable VPNs for both remote users and a site to site VPN to our exchange server.
Setting up a third VPN to a sister property proved to be more difficult than it should have been but after a week of trying again and again it seems stable. When it wasn't stable, it would work for a few hours then disconnect and would never reconnect unless I rebuilt the VPN from scratch.
Now even though this third VPN seems to be stable I noticed that it is not listed in the "Connection Profiles" when using the ASDM software. Yet the VPN to the Exchange server is listed. I know for a fact that the VPN to the sister property was listed there when I first built the VPN  but has since disappeared.

Should I be concerned that this site to site connection is not listed in "Connection Profiles"? The VPN is currently working.

Below are the sh run and a screenshot using the ASDM. Maybe i'm missing something?
I always use the ASDM software as I am a newb when it comes to the cli
Sh-run.txt
Adsm.JPG
0
Comment
Question by:huntleyj
  • 3
  • 3
6 Comments
 
LVL 33

Expert Comment

by:MikeKane
Comment Utility
In your crypto map 1, your peer is 142.176.xxx.xxx.    In Crypto 2, the Peer CSH also maps as 142.176.xxx.xxx.    My 1st question is, are both of these the same peer address?   I can't verify since the code is sanitized.  

0
 
LVL 3

Author Comment

by:huntleyj
Comment Utility
MikeKane:
Nope different addresses.
Crypto map 1 is to an Exchange server hosted at our parent company.
Crypto map 2 is the VPN I was having trouble with to our sister company
 
0
 
LVL 33

Accepted Solution

by:
MikeKane earned 500 total points
Comment Utility
I doublechecked the code, and it looks fine.    

Run a 'SHOW CRYPTO IPSEC SA' at the CLI.   Does that output reflect the VPNs?    

If it does, and the tunnels are working, then the ASA is having trouble interpreting the Code ...  but I can't explain why.   I have 7 groups on my current employers unit, all of which were configured at CLI, all show up in the ASA.  

I can only offer 2 suggestions.  
1) Live with it....  
2) Remove the tunnel from the CLI and recreate it in the GUI.    

Not great options, granted....  
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 3

Author Comment

by:huntleyj
Comment Utility
They look fine to me.
I guess I will just have to live with it. Just hope that if I ever reboot the ASA the tunnel comes back up. I'd hate to have to go through tearing down and setting up the VPN again each time.
Thanks for looking at it. I was just thinking I missed something somewhere.
0
 
LVL 33

Expert Comment

by:MikeKane
Comment Utility
If you are worried about it coming back up, make sure you write mem and run a show config to verify.     Make sure you back up your code regularly, I use Kiwi Cattools for 1-5 devices free of charge.  

I had the ASA ASDM once show different results from the CLI.   CAn't remember what it was ATM, but bottom line, since it was in the CLI properly, and the cattools was backing it up, it didn't worry much.  

0
 
LVL 3

Author Closing Comment

by:huntleyj
Comment Utility
Thanks for looking.
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
If you use NetMotion Mobility on your PC and plan to upgrade to Windows 10, it may not work unless you take these steps.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now