Solved

ASA ezvpn

Posted on 2011-03-05
4
3,676 Views
Last Modified: 2013-05-17
I have an ASA 5505 8.4.1 (branch office) connecting to a ASA 5510 8.0.5 (corporate).  I used the ezvpn option to set up my VPN.  Everything seems to be working.  I can get to all of the desired networks on the corporate network, and I can see everything on the branch side from corp.   I checked all of the networks/hosts defined and I can reach them all.

My problem is that the syslog is continuously filling up with the following events.   Can anyone help me figure out why this is happening?

-----------------------

752015|||||Tunnel Manager has failed to establish an L2L SA.  All configured IKE versions failed to establish the tunnel. Map Tag= _vpnc_cm.  Map Sequence Number = 10.

752012|||||IKEv1 was unsuccessful at setting up a tunnel.  Map Tag = _vpnc_cm.  Map Sequence Number = 10.

752004|||||Tunnel Manager dispatching a KEY_ACQUIRE message to IKEv1.  Map Tag = _vpnc_cm.  Map Sequence Number = 10.

752010|||||IKEv2 Doesn't have a proposal specified
0
Comment
Question by:sysaminattz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35044650
Looks like there is something amiss in the config(s) regarding the key exchange. Could you post sanitized configurations of the ASA's so we can have a look at what might be wrong?
0
 

Accepted Solution

by:
sysaminattz earned 0 total points
ID: 35058498
I found a solution that works for me.  I removed the auto connect option in the EZ Vpn configuration.

no vpnclient nem-st-autoconnect

The events are no longer filling up the syslog.  The tunnels are still up and everything is working as expected.  I think this is some kind of bug because the issue was never about the ability to successfully bring up the tunnel.
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 35308515
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0

Featured Post

Defend Your Organization from The Greatest Threats

Looking to fill the gaps in your security? Bring together information from the network, endpoint and threat intelligence feeds to really see what's happening in your organization. Join the WatchGuardians in their adventures fighting cyber crime!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Add or change DNS server address used by OpenVPN software 5 62
ASA configuration 2 52
VPN tunnel between Watchguard and OpenVPN? 1 208
VPN problems 4 92
One of the Top 10  common Cisco VPN problems are not-matching shared keys. This is an easy one to fix, but not always easy to notice, see the case below. A simple IPsec tunnel between fast Ethernet interfaces of routers SW1 (f1/1) and R1(f0/0). …
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question