OAC Technology
Problems connecting to ASA 5505 ASDM and VPN.
We have a Cisco ASA 5505 that has randomly blocked all incoming VPN connections including our site to site VPN connection. The Site to Site VPN actually connects, but no data is passed. I am also not able to access the inside interface of the device using HTTPS which worked previously. Nothing had changed on this device for months so I'm confused as to what has happened. I've also tried resetting the device back to defaults and loading a newer version of the ASA operating system with the same results. Has anyone else had this problem before? Could the device be going bad? I've attached my sanitized config.
Thank you
12-28-2012-Comcast-Sanitized.txt
That is interesting, any indication of what's going on in the logs?
ASKER
What command should I be using to get some useful information out of logging?
Try 'sh log' to start and see if there is anything fishy. Try and access the device via SSH/HTTP and verify if it is being denied in the logs. Have you tried enabling management-access inside?
Verify that the VPN is up as well: show crypto isakmp sa
ASKER
When I type sh log this is what I get:
Syslog logging: enabled
Facility: 22
Timestamp logging: enabled
Standby logging: disabled
Debug-trace logging: disabled
Console logging: disabled
Monitor logging: disabled
Buffer logging: disabled
Trap logging: level informational, facility 22, 78489 messages logged
History logging: disabled
Device ID: disabled
Mail logging: disabled
ASDM logging: level informational, 78488 messages logged
I know the syslog server doesn't exist anymore. Is there a way to have the logs displayed in the telnet session?
Enable buffer logging:
ASA#conf t
ASA(config)#logging enable
ASA(config)#logging buffered
ASA(config)#terminal monitor (log to ssh or telnet session)
Enable management to inside network over VPN:
ASA(config)# management-access inside
ASKER
I tried the above and received this:
(config)# logging buffered
ERROR: % Incomplete command
I also don't see anything being logged while in the terminal
logging buffered debug
ASKER
I have to type "show log" to get a chunk of log file displayed to the screen. So far, by doing this, I haven't seen any mention of me trying to connect to SSH or HTTPS. Is there maybe a way to limit what's displayed on the log file to just the IP I'm trying to access HTTPS/SSH from?
Thanks
ASKER
Any other ideas on this one?
Thanks
ASKER
Found that the device was bad
ASKER
Just a thought
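The logging and verification steps discussed in this thread, collected as an added example that is not part of the original posts. The address 192.0.2.10 is a placeholder for the management station, and the `logging monitor` line is included because the `sh log` output above reports "Monitor logging: disabled", in which case `terminal monitor` has nothing to display.

```cisco
! Added example (ASA CLI). 192.0.2.10 is a placeholder, not a value from the thread.
ASA# configure terminal
! Turn logging on and keep messages in the local buffer.
! "logging buffered" needs a severity level, hence the "Incomplete command" error.
ASA(config)# logging enable
ASA(config)# logging buffered debugging
! Set a severity level for SSH/Telnet sessions; without it "terminal monitor" shows nothing.
! Debugging level is noisy; use a lower level such as informational on a busy device.
ASA(config)# logging monitor debugging
! Allow management of the inside interface across the VPN tunnel.
ASA(config)# management-access inside
ASA(config)# end
! Stream log messages to the current SSH/Telnet session.
ASA# terminal monitor
! Show only buffered messages that mention the management station.
ASA# show logging | include 192.0.2.10
! Confirm which hosts and interfaces may reach HTTPS/ASDM and SSH on the device.
ASA# show running-config http
ASA# show running-config ssh
! Phase 1: confirm the site-to-site peer is up.
ASA# show crypto isakmp sa
! Phase 2: compare "#pkts encaps" and "#pkts decaps" to see whether data crosses the tunnel.
ASA# show crypto ipsec sa
```

If an HTTPS or SSH attempt from the placeholder address produces no matching line at debugging level, the connection is probably not reaching the device at all.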