10-12-2020 07:48 AM
We currently have a VPN setup for our users when they are on the road or working from home using Cisco AnyConnect. We have the VPN set up on our ASA 5508 Firewall.
I now have a client that we send data to that needs us to set up a VPN for the connection. I was wondering if there was anyone out there that would be able to help me create the VPN (IKEv1 or IKEv2) and fill out this VPN questionnaire. Thank you in advance!!
11-19-2020 01:22 PM - edited 11-19-2020 01:22 PM
Was the configuration saved previously? Was there a power cut or was the ASA rebooted?
Log in to the ASA via the CLI using PuTTY and run the command write mem; this should save the configuration to memory.
11-19-2020 01:25 PM
Yes, I did save the configurations. It seems when the ASA was rebooted it lost the settings. Why do the settings get wiped with a reboot of the ASA? Is there a way to stop that from happening?
11-19-2020 01:31 PM
If you saved the configuration it should save the full configuration.
Perform a test (out of hours): make a change, save the configuration and reboot. If the settings are lost then you could potentially have a hardware/software issue, in which case you'd have to log a call with TAC.
Before testing, take a full backup of the ASA.
11-19-2020 01:34 PM
Okay, thanks!
What command do I need to run on the CLI to check the connection? I cannot ping the IP that I set up in the NAT rules. It times out. I was looking back at the thread but wasn't sure which command it was.
11-19-2020 01:36 PM
From memory, your traffic only permits traffic from the IP address of your server. Ideally you'd ping from that server or use the packet-tracer command to simulate the traffic - run the command twice.
11-20-2020 04:19 AM
Would you be interested in helping me with the settings? I think since it was erased from ASDM, I have missed something when I set it up again. We could do a screen share. Let me know. Thank you!
11-25-2020 11:18 AM
Not sure if @Rob Ingram jumped into this already; if not, what specifically do you think has been wiped out after the firewall reload? Typically, if you save the config it should remain there, unless your device has a corrupted filesystem that does not allow storing the running config to the startup config. One easy way to verify this is to save, then issue the command show startup-config and check whether the new changes are reflected there.
11-27-2020 06:27 AM
Thank you! Everything looks good when I run show startup-config; however, I did see a line that needs to be updated. Where would I update the email address in the line below? The user whose email is listed is no longer with the company. Thanks!
logging recipient-address xxxx@xxxx.com level alerts
11-27-2020 06:37 AM
I notice it only lets me choose one type of notification. How can I set more than one notification type for the same email address? I tried adding another one, but it said the email address was already being used.
11-27-2020 06:38 AM
From the CLI you can use the following commands to remove the old recipient and add a new recipient:
no logging recipient-address xxxx@xxxx.com level alerts
logging recipient-address yyyy@xxxx.com level alerts