Solved

Problems connecting to ASA 5505 ASDM and VPN.

Posted on 2013-01-15
Last Modified: 2013-01-30
We have a Cisco ASA 5505 that has randomly blocked all incoming VPN connections including our site to site VPN connection. The Site to Site VPN actually connects, but no data is passed. I am also not able to access the inside interface of the device using HTTPS which worked previously. Nothing had changed on this device for months so I'm confused as to what has happened. I've also tried resetting the device back to defaults and loading a newer version of the ASA operating system with the same results. Has anyone else had this problem before? Could the device be going bad? I've attached my sanitized config.

Thank you
12-28-2012-Comcast-Sanitized.txt
Question by: OAC Technology
13 Comments
 
LVL 5

Accepted Solution

by:
Leeeee earned 2000 total points
ID: 38780304
If you somehow find a way to get into the device, configure 'management-access inside' in global config mode.

If you were able to manage the device before and all of a sudden things broke, I'd verify there isn't an issue with the ASA itself.
0
 
LVL 2

Author Comment

by:OAC Technology
ID: 38780315
I went out with a console cable and was able to access it just fine with that. I was also able to access the CLI through telnet. The odd thing is that HTTPS, SSH, and VPN all broke without anyone touching that device. Could this be a problem with something cryptography related?

Just a thought
0
 
LVL 5

Expert Comment

by:Leeeee
ID: 38780327
That is interesting, any indication of what's going on in the logs?
0
 
LVL 2

Author Comment

by:OAC Technology
ID: 38780336
What command should I be using to get some useful information out of logging?
0
 
LVL 5

Expert Comment

by:Leeeee
ID: 38780360
Try 'sh log' to start and see if there is anything fishy. Try and access the device via SSH/HTTP and verify if it is being denied in the logs. Have you tried enabling management-access inside?

Verify that the VPN is up as well: show crypto isakmp sa
0
 
LVL 2

Author Comment

by:OAC Technology
ID: 38780618
When I type sh log this is what I get:

Syslog logging: enabled
    Facility: 22
    Timestamp logging: enabled
    Standby logging: disabled
    Debug-trace logging: disabled
    Console logging: disabled
    Monitor logging: disabled
    Buffer logging: disabled
    Trap logging: level informational, facility 22, 78489 messages logged
    History logging: disabled
    Device ID: disabled
    Mail logging: disabled
    ASDM logging: level informational, 78488 messages logged


I know the syslog server doesn't exist anymore. Is there a way to have the logs displayed in the telnet session?
0
 
LVL 5

Expert Comment

by:Leeeee
ID: 38780718
Enable buffer logging:

ASA#conf t
ASA(config)#logging enable
ASA(config)#logging buffered
ASA(config)#terminal monitor (log to ssh or telnet session)

Enable management to inside network over VPN:
ASA(config)# management-access inside
0
 
LVL 2

Author Comment

by:OAC Technology
ID: 38783359
I tried the above and received this:
(config)# logging buffered
ERROR: % Incomplete command


I also don't see anything being logged while in the terminal.
0
 
LVL 5

Expert Comment

by:Leeeee
ID: 38783408
logging buffered debug
0
 
LVL 2

Author Comment

by:OAC Technology
ID: 38787266
I have to type "show log" to get a chunk of log file displayed to the screen. So far, by doing this, I haven't seen any mention of me trying to connect to SSH or HTTPS. Is there maybe a way to limit what's displayed on the log file to just the IP I'm trying to access HTTPS/SSH from?

Thanks
0
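On the ASA itself the buffer can be narrowed with the CLI's output filter, e.g. show logging | include 198.51.100.25. The following is an added example, not code from anyone in this thread: it takes a copy of the buffered log pasted out of a telnet session and does the same filtering offline, then counts the syslog message IDs that describe traffic to the ASA's own management services (710002/710003 for to-the-box TCP access permitted/denied, 605004/605005 for login denied/permitted). The sample buffer and every address in it are constructed for the example; only the %ASA message IDs are real. If the filter returns nothing at all for the workstation's address, the ASA never logged the SSH/HTTPS attempts, which matches what the asker saw here.

```python
import re
from collections import Counter

# Constructed sample of what 'show logging' prints once buffered logging is on.
# The lines and addresses are made up for this example; the %ASA IDs are real.
SAMPLE_BUFFER = """\
%ASA-6-302013: Built inbound TCP connection 1001 for outside:203.0.113.7/51022 (203.0.113.7/51022) to inside:192.168.1.20/80 (192.168.1.20/80)
%ASA-6-710003: TCP access denied by ACL from 198.51.100.25/50012 to inside:192.168.1.1/https
%ASA-6-710003: TCP access denied by ACL from 198.51.100.25/50013 to inside:192.168.1.1/ssh
%ASA-6-605004: Login denied from 198.51.100.25/50014 to inside:192.168.1.1/ssh for user "admin"
%ASA-6-605005: Login permitted from 198.51.100.30/40211 to inside:192.168.1.1/telnet for user "admin"
%ASA-4-106023: Deny tcp src outside:203.0.113.9/3389 dst inside:192.168.1.20/3389 by access-group "outside_access_in"
%ASA-6-710002: TCP access permitted from 198.51.100.25/50015 to inside:192.168.1.1/telnet
%ASA-6-710003: TCP access denied by ACL from 198.51.100.250/50016 to inside:192.168.1.1/https
"""

# %ASA-<severity>-<6 digit id>: <text>
LINE_RE = re.compile(r"%ASA-(?P<sev>\d)-(?P<msg_id>\d{6}): (?P<text>.*)")

# Syslog IDs for traffic aimed at the ASA's own management services.
MANAGEMENT_IDS = {
    "710002": "to_box_permitted",  # TCP access to ssh/https/telnet on the box allowed
    "710003": "to_box_denied",     # TCP access to the box denied by ACL
    "605004": "login_denied",      # authentication to a management service failed
    "605005": "login_permitted",   # authentication succeeded
}


def parse_asa_syslog(text):
    """Return one dict per recognisable %ASA line; anything else is skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            records.append({"severity": int(m["sev"]),
                            "msg_id": m["msg_id"],
                            "text": m["text"]})
    return records


def filter_by_ip(records, ip):
    """Keep records that mention ip as a whole address (.25 must not match .250)."""
    pat = re.compile(r"(?<![\d.])" + re.escape(ip) + r"(?![\d.])")
    return [r for r in records if pat.search(r["text"])]


def summarize_management_access(records, ip):
    """Count how the ASA handled management traffic from ip, by category."""
    counts = Counter()
    for r in filter_by_ip(records, ip):
        kind = MANAGEMENT_IDS.get(r["msg_id"])
        if kind:
            counts[kind] += 1
    return dict(counts)


if __name__ == "__main__":
    recs = parse_asa_syslog(SAMPLE_BUFFER)
    workstation = "198.51.100.25"  # constructed: the admin's source address
    for r in filter_by_ip(recs, workstation):
        print(r["msg_id"], r["text"])
    print(summarize_management_access(recs, workstation))
```

Two 710003 entries plus a 605004 for the same source would point at the management ACL or the AAA configuration; a 710002 with no following 605005 points at the authentication step; an empty result means the ASA's logging path never saw the packets at all.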
 
LVL 2

Author Comment

by:OAC Technology
ID: 38801327
Any other ideas on this one?

Thanks
0
 
LVL 2

Assisted Solution

by:OAC Technology
OAC Technology earned 0 total points
ID: 38819596
I ended up replacing that device with another ASA 5505 and reloading the configuration on that device. It seems to be working fine so my guess is the original ASA was bad in some way.
0
 
LVL 2

Author Closing Comment

by:OAC Technology
ID: 38834535
Found that the device was bad
0