Cisco ASA VPN

iburlacu
Level 1

I have a VPN connection between two Cisco ASA 5512s that failed. I restored an older backup with ASDM but the VPN is still down. What can I do to restore the VPN? Thank you.

26 Replies

Can you elaborate more?

iburlacu
Level 1

The VPN was L2L, had a crypto map configured with "ip" traffic selection and was functional. I added icmp to the traffic selection and the VPN failed. On such a Cisco I did a restore to a backup from 26.07.2023 when the VPN was functional, but even with this configuration I did not manage to make the VPN functional. What did I do wrong?

Friend, are you using SLA monitor in the ASA for the ISP?

iburlacu
Level 1

no

Is the S2S VPN IKEv2? If yes, have the peer run clear crypto isakmp and clear crypto sa.

iburlacu
Level 1

No, it's IKEv1.

Did you try to initiate traffic to bring the tunnel up?

iburlacu
Level 1

I tried to initiate traffic with packet tracer.

Run packet tracer twice for it to work.

Also, regarding RSA: what authentication does the VPN use, PSK or RSA?

iburlacu
Level 1

I talked to someone and he told me to access the show crypto key mypubkey rsa command and copy the key data, but I didn't understand where.

iburlacu
Level 1

I used PSK.

OK,

1- Add the PSK again; sometimes between backup and restore of the config the PSK gets corrupted.

2- Run packet-tracer twice to bring the tunnel up, or connect a PC and initiate real traffic.

iburlacu
Level 1

I verified the PSK with: more system:running-config | in key and it is correct. I used packet-tracer twice with the same result: MM_WAIT_MSG2.

Can you access both ASAs?

If yes, access them and run clear crypto sa and clear crypto isakmp.
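
For the MM_WAIT_MSG2 state reported above, a triage helper for `show crypto isakmp sa` output, as an added example that is not part of the thread. The sample output is constructed (documentation addresses), the function names are hypothetical, and the per-state hints are general IKEv1 main-mode knowledge, not advice from any poster.

```python
import re

# Constructed sample of ASA `show crypto isakmp sa` output (IKEv1);
# the addresses are documentation ranges, not taken from the thread.
SAMPLE = """\
IKEv1 SAs:

   Active SA: 2
    Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 2

1   IKE Peer: 192.0.2.2
    Type    : user            Role    : initiator
    Rekey   : no              State   : MM_WAIT_MSG2
2   IKE Peer: 198.51.100.7
    Type    : L2L             Role    : responder
    Rekey   : no              State   : MM_ACTIVE
"""

# What a stalled main-mode state usually points to (general IKEv1
# knowledge, an assumption of this example).
HINTS = {
    "MM_WAIT_MSG2": "proposal sent, no answer: check reachability, UDP/500 filtering, far-end peer config",
    "MM_WAIT_MSG3": "proposal accepted, waiting for initiator key exchange: check the return path",
    "MM_WAIT_MSG4": "key exchange sent, waiting for responder's: check for drops or NAT in the path",
    "MM_WAIT_MSG5": "key exchange sent, waiting for authentication: compare pre-shared keys",
    "MM_WAIT_MSG6": "authentication sent, waiting for responder's: compare pre-shared keys",
    "MM_ACTIVE": "phase 1 is up: if traffic fails, compare crypto ACLs and transform sets",
}
PEER_RE = re.compile(r"IKE Peer:\s*(\S+)")
FIELD_RE = re.compile(r"(\w+)\s*:\s*(\S+)")

def parse_isakmp_sa(text):
    """Return one dict per SA with peer, type, role, rekey and state keys."""
    sas, cur = [], None
    for line in text.splitlines():
        m = PEER_RE.search(line)
        if m:                      # a new SA block starts at "IKE Peer:"
            cur = {"peer": m.group(1)}
            sas.append(cur)
        elif cur is not None:      # "Key : value" pairs belong to that SA
            cur.update((k.lower(), v) for k, v in FIELD_RE.findall(line))
    return sas

def stalled(text):
    """List (peer, role, state, hint) for every SA that is not MM_ACTIVE."""
    return [(s["peer"], s.get("role"), s.get("state"),
             HINTS.get(s.get("state"), "no hint for this state"))
            for s in parse_isakmp_sa(text) if s.get("state") != "MM_ACTIVE"]

if __name__ == "__main__":
    for row in stalled(SAMPLE):
        print(" | ".join(row))
```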