Problems connecting to ASA 5505 ASDM and VPN.

We have a Cisco ASA 5505 that has randomly blocked all incoming VPN connections including our site to site VPN connection. The Site to Site VPN actually connects, but no data is passed. I am also not able to access the inside interface of the device using HTTPS which worked previously. Nothing had changed on this device for months so I'm confused as to what has  happened. I've also tried resetting the device back to defaults and loading a newer version of the ASA operating system with the same results. Has anyone else had this problem before? Could the device be going bad? I've attached my sanitized config.

Thank you
12-28-2012-Comcast-Sanitized.txt
LVL 2
OAC TechnologyProfessional NerdsAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
LeeeeeConnect With a Mentor Commented:
If you some how find a way to get in to the device, configure 'management-access inside' in global config mode.

If you were able to manage the device before and all of a sudden things broke, I'd verify there isn't an issue with the ASA itself.
0
 
OAC TechnologyProfessional NerdsAuthor Commented:
I went out with a console cable and was able to access it just fine with that. I was also able to access the CLI through telnet. The odd thing is that HTTPS, SSH, and VPN all broke without anyone touching that device. Could this be a problem with something cryptography related?

Just a thought
0
 
LeeeeeCommented:
That is interesting, any indication of what's going on in the logs?
0
Increase Security & Decrease Risk with NSPM Tools

Analyst firm, Enterprise Management Associates (EMA) reveals significant benefits to enterprises when using Network Security Policy Management (NSPM) solutions, while organizations without, experienced issues including non standard security policies and failed cloud migrations

 
OAC TechnologyProfessional NerdsAuthor Commented:
What command should I be using to get some useful information out of logging?
0
 
LeeeeeCommented:
Try 'sh log' to start and see if there is anything fishy. Try and access the device via SSH/HTTP and verify if it is being denied in the logs. Have you tried enabling management-access inside?

Verify that the VPN is up as well show crypto isakmp sa
0
 
OAC TechnologyProfessional NerdsAuthor Commented:
When I type sh log this is what I get:

Syslog logging: enabled
    Facility: 22
    Timestamp logging: enabled
    Standby logging: disabled
    Debug-trace logging: disabled
    Console logging: disabled
    Monitor logging: disabled
    Buffer logging: disabled
    Trap logging: level informational, facility 22, 78489 messages logged
    History logging: disabled
    Device ID: disabled
    Mail logging: disabled
    ASDM logging: level informational, 78488 messages logged


I know the syslog server doesn't exist anymore. Is there a way to have the logs displayed in the telnet session?
0
 
LeeeeeCommented:
Enable buffer logging:

ASA#conf t
ASA(config)#logging enable
ASA(config)#logging buffered
ASA(config)#terminal monitor (log to ssh or telnet session)

Enable management to inside network over VPN:
ASA(config)# management-access inside
0
 
OAC TechnologyProfessional NerdsAuthor Commented:
I tried the above and received this:
(config)# logging buffered
ERROR: % Incomplete command


I also don't see anything being logged while in the terminal
0
 
LeeeeeCommented:
logging buffered debug
0
 
OAC TechnologyProfessional NerdsAuthor Commented:
I have to type "show log" to get a chunk of log file displayed to the screen. So far, by doing this, I haven't seen any mention of me trying to connect to SSH or HTTPS. Is there maybe a way to limit what's displayed on the log file to just the IP I'm trying to access HTTPS/SSH from?

Thanks
0
 
OAC TechnologyProfessional NerdsAuthor Commented:
Any other ideas on this one?

Thanks
0
 
OAC TechnologyConnect With a Mentor Professional NerdsAuthor Commented:
I ended up replacing that device with another ASA 5505 and reloading the configuration on that device. It seems to be working fine so my guess is the original ASA was bad in some way.
0
 
OAC TechnologyProfessional NerdsAuthor Commented:
Found that the device was bad
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.