?
Solved

ASA ezvpn

Posted on 2011-03-05
4
Medium Priority
?
3,738 Views
Last Modified: 2013-05-17
I have an ASA 5505 8.4.1 (branch office) connecting to a ASA 5510 8.0.5 (corporate).  I used the ezvpn option to set up my VPN.  Everything seems to be working.  I can get to all of the desired networks on the corporate network, and I can see everything on the branch side from corp.   I checked all of the networks/hosts defined and I can reach them all.

My problem is that the syslog is continuously filling up with the following events.   Can anyone help me figure out why this is happening?

-----------------------

752015|||||Tunnel Manager has failed to establish an L2L SA.  All configured IKE versions failed to establish the tunnel. Map Tag= _vpnc_cm.  Map Sequence Number = 10.

752012|||||IKEv1 was unsuccessful at setting up a tunnel.  Map Tag = _vpnc_cm.  Map Sequence Number = 10.

752004|||||Tunnel Manager dispatching a KEY_ACQUIRE message to IKEv1.  Map Tag = _vpnc_cm.  Map Sequence Number = 10.

752010|||||IKEv2 Doesn't have a proposal specified
0
Comment
Question by:sysaminattz
3 Comments
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35044650
Looks like there is something amiss in the config(s) regarding the key exchange. Could you post sanitized configurations of the ASA's so we can have a look at what might be wrong?
0
 

Accepted Solution

by:
sysaminattz earned 0 total points
ID: 35058498
I found a solution that works for me.  I removed the auto connect option in the EZ Vpn configuration.

no vpnclient nem-st-autoconnect

The events are no longer filling up the syslog.  The tunnels are still up and everything is working as expected.  I think this is some kind of bug because the issue was never about the ability to successfully bring up the tunnel.
0
 
LVL 72

Expert Comment

by:Qlemo
ID: 35308515
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Like many others, when I created a Windows 2008 RRAS VPN server, I connected via PPTP, and still do, but there are problems that can arise from solely using PPTP.  One particular problem was that the CFO of the company used a Virgin Broadband Wirele…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

601 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question