Solved

ASA ezvpn

Posted on 2011-03-05
4
3,664 Views
Last Modified: 2013-05-17
I have an ASA 5505 8.4.1 (branch office) connecting to a ASA 5510 8.0.5 (corporate).  I used the ezvpn option to set up my VPN.  Everything seems to be working.  I can get to all of the desired networks on the corporate network, and I can see everything on the branch side from corp.   I checked all of the networks/hosts defined and I can reach them all.

My problem is that the syslog is continuously filling up with the following events.   Can anyone help me figure out why this is happening?

-----------------------

752015|||||Tunnel Manager has failed to establish an L2L SA.  All configured IKE versions failed to establish the tunnel. Map Tag= _vpnc_cm.  Map Sequence Number = 10.

752012|||||IKEv1 was unsuccessful at setting up a tunnel.  Map Tag = _vpnc_cm.  Map Sequence Number = 10.

752004|||||Tunnel Manager dispatching a KEY_ACQUIRE message to IKEv1.  Map Tag = _vpnc_cm.  Map Sequence Number = 10.

752010|||||IKEv2 Doesn't have a proposal specified
0
Comment
Question by:sysaminattz
4 Comments
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35044650
Looks like there is something amiss in the config(s) regarding the key exchange. Could you post sanitized configurations of the ASA's so we can have a look at what might be wrong?
0
 

Accepted Solution

by:
sysaminattz earned 0 total points
ID: 35058498
I found a solution that works for me.  I removed the auto connect option in the EZ Vpn configuration.

no vpnclient nem-st-autoconnect

The events are no longer filling up the syslog.  The tunnels are still up and everything is working as expected.  I think this is some kind of bug because the issue was never about the ability to successfully bring up the tunnel.
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 35308515
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Overview Often, we set up VPN appliances where the connected clients are on a separate subnet and the company will have alternate internet connections and do not use this particular device as the gateway for certain servers or clients. In this case…
Juniper VPN devices are a popular alternative to using Cisco products. Last year I needed to set up an international site-to-site VPN over the Internet, but the client had high security requirements -- FIPS 140. What and Why of FIPS 140 Federa…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

832 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question