Solved

ASA 5505 and connection profiles

Posted on 2009-03-29
6
973 Views
Last Modified: 2012-05-06
I already have a stable VPNs for both remote users and a site to site VPN to our exchange server.
Setting up a third VPN to a sister property proved to be more difficult than it should have been but after a week of trying again and again it seems stable. When it wasn't stable, it would work for a few hours then disconnect and would never reconnect unless I rebuilt the VPN from scratch.
Now even though this third VPN seems to be stable I noticed that it is not listed in the "Connection Profiles" when using the ASDM software. Yet the VPN to the Exchange server is listed. I know for a fact that the VPN to the sister property was listed there when I first built the VPN  but has since disappeared.

Should I be concerned that this site to site connection is not listed in "Connection Profiles"? The VPN is currently working.

Below are the sh run and a screenshot using the ASDM. Maybe i'm missing something?
I always use the ASDM software as I am a newb when it comes to the cli
Sh-run.txt
Adsm.JPG
0
Comment
Question by:huntleyj
  • 3
  • 3
6 Comments
 
LVL 33

Expert Comment

by:MikeKane
ID: 24022136
In your crypto map 1, your peer is 142.176.xxx.xxx.    In Crypto 2, the Peer CSH also maps as 142.176.xxx.xxx.    My 1st question is, are both of these the same peer address?   I can't verify since the code is sanitized.  

0
 
LVL 3

Author Comment

by:huntleyj
ID: 24022690
MikeKane:
Nope different addresses.
Crypto map 1 is to an Exchange server hosted at our parent company.
Crypto map 2 is the VPN I was having trouble with to our sister company
 
0
 
LVL 33

Accepted Solution

by:
MikeKane earned 500 total points
ID: 24022933
I doublechecked the code, and it looks fine.    

Run a 'SHOW CRYPTO IPSEC SA' at the CLI.   Does that output reflect the VPNs?    

If it does, and the tunnels are working, then the ASA is having trouble interpreting the Code ...  but I can't explain why.   I have 7 groups on my current employers unit, all of which were configured at CLI, all show up in the ASA.  

I can only offer 2 suggestions.  
1) Live with it....  
2) Remove the tunnel from the CLI and recreate it in the GUI.    

Not great options, granted....  
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 3

Author Comment

by:huntleyj
ID: 24023129
They look fine to me.
I guess I will just have to live with it. Just hope that if I ever reboot the ASA the tunnel comes back up. I'd hate to have to go through tearing down and setting up the VPN again each time.
Thanks for looking at it. I was just thinking I missed something somewhere.
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 24024417
If you are worried about it coming back up, make sure you write mem and run a show config to verify.     Make sure you back up your code regularly, I use Kiwi Cattools for 1-5 devices free of charge.  

I had the ASA ASDM once show different results from the CLI.   CAn't remember what it was ATM, but bottom line, since it was in the CLI properly, and the cattools was backing it up, it didn't worry much.  

0
 
LVL 3

Author Closing Comment

by:huntleyj
ID: 31564049
Thanks for looking.
0

Featured Post

Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question