Solved

ASA 5505 and connection profiles

Posted on 2009-03-29
6
990 Views
Last Modified: 2012-05-06
I already have a stable VPNs for both remote users and a site to site VPN to our exchange server.
Setting up a third VPN to a sister property proved to be more difficult than it should have been but after a week of trying again and again it seems stable. When it wasn't stable, it would work for a few hours then disconnect and would never reconnect unless I rebuilt the VPN from scratch.
Now even though this third VPN seems to be stable I noticed that it is not listed in the "Connection Profiles" when using the ASDM software. Yet the VPN to the Exchange server is listed. I know for a fact that the VPN to the sister property was listed there when I first built the VPN  but has since disappeared.

Should I be concerned that this site to site connection is not listed in "Connection Profiles"? The VPN is currently working.

Below are the sh run and a screenshot using the ASDM. Maybe i'm missing something?
I always use the ASDM software as I am a newb when it comes to the cli
Sh-run.txt
Adsm.JPG
0
Comment
Question by:huntleyj
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 33

Expert Comment

by:MikeKane
ID: 24022136
In your crypto map 1, your peer is 142.176.xxx.xxx.    In Crypto 2, the Peer CSH also maps as 142.176.xxx.xxx.    My 1st question is, are both of these the same peer address?   I can't verify since the code is sanitized.  

0
 
LVL 3

Author Comment

by:huntleyj
ID: 24022690
MikeKane:
Nope different addresses.
Crypto map 1 is to an Exchange server hosted at our parent company.
Crypto map 2 is the VPN I was having trouble with to our sister company
 
0
 
LVL 33

Accepted Solution

by:
MikeKane earned 500 total points
ID: 24022933
I doublechecked the code, and it looks fine.    

Run a 'SHOW CRYPTO IPSEC SA' at the CLI.   Does that output reflect the VPNs?    

If it does, and the tunnels are working, then the ASA is having trouble interpreting the Code ...  but I can't explain why.   I have 7 groups on my current employers unit, all of which were configured at CLI, all show up in the ASA.  

I can only offer 2 suggestions.  
1) Live with it....  
2) Remove the tunnel from the CLI and recreate it in the GUI.    

Not great options, granted....  
0
Surfing Is Meant To Be Done Outdoors

Featuring its rugged IP67 compliant exterior and delivering broad, fast, and reliable Wi-Fi coverage, the AP322 is the ideal solution for the outdoors. Manage this AP with either a Firebox as a gateway controller, or with the Wi-Fi Cloud for an expanded set of management features

 
LVL 3

Author Comment

by:huntleyj
ID: 24023129
They look fine to me.
I guess I will just have to live with it. Just hope that if I ever reboot the ASA the tunnel comes back up. I'd hate to have to go through tearing down and setting up the VPN again each time.
Thanks for looking at it. I was just thinking I missed something somewhere.
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 24024417
If you are worried about it coming back up, make sure you write mem and run a show config to verify.     Make sure you back up your code regularly, I use Kiwi Cattools for 1-5 devices free of charge.  

I had the ASA ASDM once show different results from the CLI.   CAn't remember what it was ATM, but bottom line, since it was in the CLI properly, and the cattools was backing it up, it didn't worry much.  

0
 
LVL 3

Author Closing Comment

by:huntleyj
ID: 31564049
Thanks for looking.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Telepresence on backup 3 55
TZ400 2 25
Cisco router external connection issues. 6 32
SSL-VPN Solution 8 16
This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question