• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1129
  • Last Modified:

ASA 5505 and connection profiles

I already have a stable VPNs for both remote users and a site to site VPN to our exchange server.
Setting up a third VPN to a sister property proved to be more difficult than it should have been but after a week of trying again and again it seems stable. When it wasn't stable, it would work for a few hours then disconnect and would never reconnect unless I rebuilt the VPN from scratch.
Now even though this third VPN seems to be stable I noticed that it is not listed in the "Connection Profiles" when using the ASDM software. Yet the VPN to the Exchange server is listed. I know for a fact that the VPN to the sister property was listed there when I first built the VPN  but has since disappeared.

Should I be concerned that this site to site connection is not listed in "Connection Profiles"? The VPN is currently working.

Below are the sh run and a screenshot using the ASDM. Maybe i'm missing something?
I always use the ASDM software as I am a newb when it comes to the cli
Sh-run.txt
Adsm.JPG
0
huntleyj
Asked:
huntleyj
  • 3
  • 3
1 Solution
 
MikeKaneCommented:
In your crypto map 1, your peer is 142.176.xxx.xxx.    In Crypto 2, the Peer CSH also maps as 142.176.xxx.xxx.    My 1st question is, are both of these the same peer address?   I can't verify since the code is sanitized.  

0
 
huntleyjAuthor Commented:
MikeKane:
Nope different addresses.
Crypto map 1 is to an Exchange server hosted at our parent company.
Crypto map 2 is the VPN I was having trouble with to our sister company
 
0
 
MikeKaneCommented:
I doublechecked the code, and it looks fine.    

Run a 'SHOW CRYPTO IPSEC SA' at the CLI.   Does that output reflect the VPNs?    

If it does, and the tunnels are working, then the ASA is having trouble interpreting the Code ...  but I can't explain why.   I have 7 groups on my current employers unit, all of which were configured at CLI, all show up in the ASA.  

I can only offer 2 suggestions.  
1) Live with it....  
2) Remove the tunnel from the CLI and recreate it in the GUI.    

Not great options, granted....  
0
How do you know if your security is working?

Protecting your business doesn’t have to mean sifting through endless alerts and notifications. With WatchGuard Total Security Suite, you can feel confident that your business is secure, meaning you can get back to the things that have been sitting on your to-do list.

 
huntleyjAuthor Commented:
They look fine to me.
I guess I will just have to live with it. Just hope that if I ever reboot the ASA the tunnel comes back up. I'd hate to have to go through tearing down and setting up the VPN again each time.
Thanks for looking at it. I was just thinking I missed something somewhere.
0
 
MikeKaneCommented:
If you are worried about it coming back up, make sure you write mem and run a show config to verify.     Make sure you back up your code regularly, I use Kiwi Cattools for 1-5 devices free of charge.  

I had the ASA ASDM once show different results from the CLI.   CAn't remember what it was ATM, but bottom line, since it was in the CLI properly, and the cattools was backing it up, it didn't worry much.  

0
 
huntleyjAuthor Commented:
Thanks for looking.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

The Firewall Audit Checklist

Preparing for a firewall audit today is almost impossible.
AlgoSec, together with some of the largest global organizations and auditors, has created a checklist to follow when preparing for your firewall audit. Simplify risk mitigation while staying compliant all of the time!

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now