cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
321
Views
1
Helpful
6
Replies

l2l connection profiles gone

dl_itnetwork
Level 1
Level 1

Recently added a new l2l vpn tunnel for a new site and after building out and bringing up the tunnel, all connection profiles and crypto maps are now missing from the asdm > configuration > site-to-site vpn > connection profiles list and asdm > configuration > site-to-site vpn > crypto maps. If I try to recreate those profiles, I get an error msg saying the profile already exists. Lastly, now all the tunnel connections are down and we're unable to bring them back up.

Has anyone ever seen this happen before?

6 Replies 6

cany you see the config via CLI ?

MHM

dl_itnetwork
Level 1
Level 1

I believe so,

All the following are present:
     transform-sets
     both ikev1 and v2 proposals
     crypto maps
     crypto ike policies
     crypto ike1,2 are enabled and assigned to their respective interfaces as before
     group-policies
     tunnel-groups

We've reloaded the device in the hopes that maybe we're up against a bug but no luck. Info is still missing when viewing in ASDM.

 

 

Cisco Secure Firewall ASA Compatibility - Cisco

check then the compatibility between ASA and asdm 

MHM

dl_itnetwork
Level 1
Level 1

Device: ASA5512
ASA Version: 9.12(4)67
ASDM Version: 7.18(1)152

Edit to add:
I picked one of the pre-existing tunnels and ran packet-tracer via cli, all phases pass with ALLOW result and the final result being:

Result:
input-interface: Inside
input-status: up
input-line-status: up
output-interface: Outside
output-status: up
output-line-status: up
Action: allow

dl_itnetwork
Level 1
Level 1

Found the issue by doing a config compare from an older snapshot. For some reason the following command/line item was missing:

crypto map outside_map interface Outside

Once I reapplied the above command, all pre-existing connection profiles are now visible and all tunnels are now showing as up with traffic counters increasing.

That why I suggest check cli.

Glad issue is solved 

Have a nice day 

MHM

Review Cisco Networking for a $25 gift card