07-28-2023 01:48 PM
I have a VPN connection between two Cisco ASA 5512 that failed. I restored an older backup with ASDM but the VPN is still down. What can I do to restore the VPN? Thank you.
07-28-2023 02:06 PM
Can you elaborate more?
07-28-2023 02:37 PM
The VPN was L2L, had a crypto map configured with "ip" traffic selection and was functional. I added icmp to the traffic selection and the VPN failed. On such a Cisco I did a restore to a backup from 26.07.2023 when the VPN was functional, but even with this configuration I did not manage to make the VPN functional. What did I do wrong?
07-28-2023 02:43 PM
Friend, are you using SLA monitor on the ASA for the ISP?
07-28-2023 02:48 PM
no
07-28-2023 02:52 PM
Is the S2S VPN IKEv2? If yes, make the peer clear crypto isakmp and clear crypto sa.
07-28-2023 02:54 PM
No, it's IKEv1.
07-28-2023 02:57 PM
Did you try to initiate traffic to bring the tunnel up?
07-28-2023 03:01 PM
I tried to initiate traffic with packet tracer.
07-28-2023 03:04 PM
Run packet tracer twice for it to work.
Also, regarding RSA, what authentication does the VPN use: PSK or RSA?
07-28-2023 03:02 PM
I talked to someone and he told me to access the show crypto key mypubkey rsa command and copy the key data, but I didn't understand where.
07-28-2023 03:08 PM
I used PSK.
07-28-2023 03:12 PM
OK.
1- Add the PSK again; sometimes between backup and restore of the config the PSK is corrupted.
2- Do packet-tracer twice to bring the tunnel up, or connect a PC and initiate real traffic.
07-28-2023 03:25 PM
I verified the PSK with: more system:running-config | in key and it is correct. I used packet-tracer twice with the same result: MM_WAIT_MSG2.
07-28-2023 03:30 PM
Can you access both ASAs?
If yes, access them and run clear crypto sa and clear crypto isakmp.