
VPN connection lost.....

toddyboman
Level 1

So I have lost my VPN connection......Not sure why really but I have.

My main office has an ASA 5510.

My 3 remote offices have ASA 5505s.

First thing I checked on my 5510 was:

Result of the command: "show isakmp sa"

   Active SA: 3
    Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 3

1   IKE Peer: yyy.yyy.yyy.yyy
    Type    : user            Role    : responder
    Rekey   : no              State   : MM_WAIT_MSG3
2   IKE Peer: xxx.xxx.xxx.xxx
    Type    : user            Role    : responder
    Rekey   : no              State   : MM_WAIT_MSG3
3   IKE Peer: zzz.zzz.zzz.zzz
    Type    : user            Role    : responder
    Rekey   : no              State   : MM_WAIT_MSG3

And my 5505s show the same response.....

So my first question is why is the type: user????  Prior to this it was L2L.  But I can't seem to see where the setting has been changed.....

Any help would be great!  Thanks!

3 Replies

Jennifer Halim
Cisco Employee

It will be L2L once the VPN gets successfully established. At the moment it's still waiting for MSG3 so it's not completed yet. There are 6 messages within phase 1.

Ok.....

The VPN was working fine.  Then my main office with the 5510 lost power due to a storm; when this happened all the VPN connections were obviously dropped.  Once the main office restored power again, all the computers in house were able to work and establish connections to the server and internet, but no VPN connections worked.....

I ended up recoding the 5510 to make the VPN connections work......I didn't change anything, just deleted the code line then added it back in.

So my question now is why would this have happened just because of a simple power loss???

Thanks for the reply!

Hmm, good question.

I guess with any electrical glitch, this problem might happen. The quickest way is to save the config and reload the ASA, and normally that resolves the issue. Or, you can also try to clear all the tunnels using "clear cry ipsec sa" and "clear cry isa sa" to clear up any existing tunnels that might still not have been removed.
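
Added example, not part of the thread and not Cisco tooling: a small Python parser for "show isakmp sa" output like that quoted in the question, listing peers still waiting on one of the six phase 1 messages described in the first reply. The sample text and peer addresses are constructed, and the "L2L" / "MM_ACTIVE" entry for an established tunnel is an assumption based on ASA behaviour rather than on output shown in the thread.

```python
import re

# Constructed sample modelled on the output quoted in the thread.
# Peer addresses are documentation placeholders, not values from the page.
SAMPLE = """\
   Active SA: 2
    Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 2

1   IKE Peer: 192.0.2.10
    Type    : user            Role    : responder
    Rekey   : no              State   : MM_WAIT_MSG3
2   IKE Peer: 198.51.100.20
    Type    : L2L             Role    : responder
    Rekey   : no              State   : MM_ACTIVE
"""

PEER_RE = re.compile(r"^\s*\d+\s+IKE Peer:\s*(\S+)")
FIELD_RE = re.compile(r"(\w+)\s*:\s*(\S+)")      # "Type : user", "State : MM_..."
WAIT_RE = re.compile(r"^MM_WAIT_MSG(\d)$")       # main mode, waiting on message N
PHASE1_MESSAGES = 6                              # per the reply in the thread

def parse_isakmp_sa(text):
    """Return one dict per peer with lower-cased field names."""
    peers, current = [], None
    for line in text.splitlines():
        m = PEER_RE.match(line)
        if m:
            current = {"peer": m.group(1)}
            peers.append(current)
        elif current is not None:            # header lines before peer 1 are skipped
            for key, value in FIELD_RE.findall(line):
                current[key.lower()] = value
    return peers

def stalled_peers(peers):
    """Peers whose phase 1 exchange has not completed: (peer, awaited_msg, type)."""
    stalled = []
    for p in peers:
        m = WAIT_RE.match(p.get("state", ""))
        if m:
            stalled.append((p["peer"], int(m.group(1)), p.get("type")))
    return stalled

if __name__ == "__main__":
    for peer, msg, sa_type in stalled_peers(parse_isakmp_sa(SAMPLE)):
        print(f"{peer}: waiting for message {msg} of {PHASE1_MESSAGES}, type={sa_type}")
```

Run against saved output from each ASA after an outage, a non-empty result shows which peers never got past phase 1 and at which message the exchange stopped.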