Solved

ASA ezvpn

Posted on 2011-03-05
4
3,666 Views
Last Modified: 2013-05-17
I have an ASA 5505 8.4.1 (branch office) connecting to a ASA 5510 8.0.5 (corporate).  I used the ezvpn option to set up my VPN.  Everything seems to be working.  I can get to all of the desired networks on the corporate network, and I can see everything on the branch side from corp.   I checked all of the networks/hosts defined and I can reach them all.

My problem is that the syslog is continuously filling up with the following events.   Can anyone help me figure out why this is happening?

-----------------------

752015|||||Tunnel Manager has failed to establish an L2L SA.  All configured IKE versions failed to establish the tunnel. Map Tag= _vpnc_cm.  Map Sequence Number = 10.

752012|||||IKEv1 was unsuccessful at setting up a tunnel.  Map Tag = _vpnc_cm.  Map Sequence Number = 10.

752004|||||Tunnel Manager dispatching a KEY_ACQUIRE message to IKEv1.  Map Tag = _vpnc_cm.  Map Sequence Number = 10.

752010|||||IKEv2 Doesn't have a proposal specified
0
Comment
Question by:sysaminattz
4 Comments
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35044650
Looks like there is something amiss in the config(s) regarding the key exchange. Could you post sanitized configurations of the ASA's so we can have a look at what might be wrong?
0
 

Accepted Solution

by:
sysaminattz earned 0 total points
ID: 35058498
I found a solution that works for me.  I removed the auto connect option in the EZ Vpn configuration.

no vpnclient nem-st-autoconnect

The events are no longer filling up the syslog.  The tunnels are still up and everything is working as expected.  I think this is some kind of bug because the issue was never about the ability to successfully bring up the tunnel.
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 35308515
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco ASA5508-X vs Barracuda X200 2 72
Site-To-site VPN Natting inbound traffic? 9 96
Juniper VPN for Mac and windows OS 5 52
AWS Design\Cisco Meraki 4 34
Overview Often, we set up VPN appliances where the connected clients are on a separate subnet and the company will have alternate internet connections and do not use this particular device as the gateway for certain servers or clients. In this case…
OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question