04-20-2010 11:15 AM - edited 03-11-2019 10:35 AM
We have a remote site with a 5505 that builds a VPN tunnel back to our 5550. The unit failed, and I am on vacation... The network engineer that responded showed up with a brand new ASA5505. He didn't have the config, so he swapped the flash from the failed unit (the unit really failed, it wasn't just the power brick) and put it in the new ASA and it booted, but didn't build a tunnel back to our 5550.
Does anyone know if there's something that needs to happen, like regenerating a certificate or something? Is there a reason why swapping flash wouldn't bring this unit up?
Thanks,
Tim
04-20-2010 01:16 PM
Hi,
The new unit is working fine?
Meaning... it has Internet access?
If the configuration is exactly the same as the previous ASA 5505, the tunnel should establish.
Perhaps it is not connected physically in the same way, or is not getting an IP from DHCP, or something is missing in the configuration.
Federico.
04-20-2010 06:57 PM
I was told the engineer that stepped in to help brought a brand new ASA5505 with him, opened it up, swapped the flash and brought the new one up but it did not come up and build a tunnel. Supposedly he hooked it up correctly, but I am wondering if he cabled it up the same. I was mostly concerned that something else needed to happen, like "crypto key generate" or something else that would prohibit the unit from operating. I guess it will have to wait until I return. Thanks!
04-20-2010 07:08 PM
There's no need to regenerate the RSA keys to bring an IPsec tunnel up.
You need RSA keys for other purposes like if using Digital Certificates for authentication for the VPN connection or using management SSH connections to the ASA.
Federico.