• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1081
  • Last Modified:

ASA 5505 and connection profiles

I already have a stable VPNs for both remote users and a site to site VPN to our exchange server.
Setting up a third VPN to a sister property proved to be more difficult than it should have been but after a week of trying again and again it seems stable. When it wasn't stable, it would work for a few hours then disconnect and would never reconnect unless I rebuilt the VPN from scratch.
Now even though this third VPN seems to be stable I noticed that it is not listed in the "Connection Profiles" when using the ASDM software. Yet the VPN to the Exchange server is listed. I know for a fact that the VPN to the sister property was listed there when I first built the VPN  but has since disappeared.

Should I be concerned that this site to site connection is not listed in "Connection Profiles"? The VPN is currently working.

Below are the sh run and a screenshot using the ASDM. Maybe i'm missing something?
I always use the ASDM software as I am a newb when it comes to the cli
Sh-run.txt
Adsm.JPG
0
huntleyj
Asked:
huntleyj
  • 3
  • 3
1 Solution
 
MikeKaneCommented:
In your crypto map 1, your peer is 142.176.xxx.xxx.    In Crypto 2, the Peer CSH also maps as 142.176.xxx.xxx.    My 1st question is, are both of these the same peer address?   I can't verify since the code is sanitized.  

0
 
huntleyjAuthor Commented:
MikeKane:
Nope different addresses.
Crypto map 1 is to an Exchange server hosted at our parent company.
Crypto map 2 is the VPN I was having trouble with to our sister company
 
0
 
MikeKaneCommented:
I doublechecked the code, and it looks fine.    

Run a 'SHOW CRYPTO IPSEC SA' at the CLI.   Does that output reflect the VPNs?    

If it does, and the tunnels are working, then the ASA is having trouble interpreting the Code ...  but I can't explain why.   I have 7 groups on my current employers unit, all of which were configured at CLI, all show up in the ASA.  

I can only offer 2 suggestions.  
1) Live with it....  
2) Remove the tunnel from the CLI and recreate it in the GUI.    

Not great options, granted....  
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
huntleyjAuthor Commented:
They look fine to me.
I guess I will just have to live with it. Just hope that if I ever reboot the ASA the tunnel comes back up. I'd hate to have to go through tearing down and setting up the VPN again each time.
Thanks for looking at it. I was just thinking I missed something somewhere.
0
 
MikeKaneCommented:
If you are worried about it coming back up, make sure you write mem and run a show config to verify.     Make sure you back up your code regularly, I use Kiwi Cattools for 1-5 devices free of charge.  

I had the ASA ASDM once show different results from the CLI.   CAn't remember what it was ATM, but bottom line, since it was in the CLI properly, and the cattools was backing it up, it didn't worry much.  

0
 
huntleyjAuthor Commented:
Thanks for looking.
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now