l2l connection profiles gone

dl_itnetwork · ‎06-20-2024

Recently added a new l2l vpn tunnel for a new site and after building out and bringing up the tunnel, all connection profiles and crypto maps are now missing from the asdm > configuration > site-to-site vpn > connection profiles list and asdm > configuration > site-to-site vpn > crypto maps. If I try to recreate those profiles, I get an error msg saying the profile already exists. Lastly, now all the tunnel connections are down and we're unable to bring them back up.

Has anyone ever seen this happen before?

MHM Cisco World · ‎06-20-2024

cany you see the config via CLI ?

MHM

dl_itnetwork · ‎06-20-2024

I believe so,

All the following are present:
transform-sets
both ikev1 and v2 proposals
crypto maps
crypto ike policies
crypto ike1,2 are enabled and assigned to their respective interfaces as before
group-policies
tunnel-groups

We've reloaded the device in the hopes that maybe we're up against a bug but no luck. Info is still missing when viewing in ASDM.

MHM Cisco World · ‎06-20-2024

Cisco Secure Firewall ASA Compatibility - Cisco

check then the compatibility between ASA and asdm

MHM

dl_itnetwork · ‎06-20-2024

Device: ASA5512
ASA Version: 9.12(4)67
ASDM Version: 7.18(1)152

Edit to add:
I picked one of the pre-existing tunnels and ran packet-tracer via cli, all phases pass with ALLOW result and the final result being:

Result:
input-interface: Inside
input-status: up
input-line-status: up
output-interface: Outside
output-status: up
output-line-status: up
Action: allow

dl_itnetwork · ‎06-20-2024

Found the issue by doing a config compare from an older snapshot. For some reason the following command/line item was missing:

crypto map outside_map interface Outside

Once I reapplied the above command, all pre-existing connection profiles are now visible and all tunnels are now showing as up with traffic counters increasing.

MHM Cisco World · ‎06-20-2024

That why I suggest check cli.

Glad issue is solved

Have a nice day

MHM