cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
2712
Views
235
Helpful
115
Replies
Highlighted
Beginner

VPN Connectivity

We currently have a VPN setup for our users when they are on the road or working from home using Cisco AnyConnect. We have the VPN setup on our ASA 5508 Firewall.

 

I now have a client that we send data to that needs us to setup a VPN for the connection. I was wondering if there was anyone out there that would be able to help me create the VPN (IKEv1 or IKEv2) and fill out this VPN questionnaire. Thank you in advance!!

 

vpn1.png

115 REPLIES 115
Highlighted
VIP Mentor

Was the configuration saved previously? Was there power cut or was the ASA rebooted?

 

Login to the ASA via the CLI using putty, run the command write mem this should save the configuration to memory.

Highlighted

@Rob Ingram 

Yes, I did save the configurations. It seems when the ASA was rebooted it lost the settings. Why do the settings get wiped with a reboot of the ASA, is there a way to stop that from happening?

Highlighted
VIP Mentor

If you saved the configuration it should save the full configuration.

 

Perform a test (out of hours) make a change, save the configuration and reboot. If the settings are lost then you could potentially have a hardware/software issue, in which case you'd have to log a call with TAC.

 

Before testing, take a full backup of the ASA.

Highlighted

@Rob Ingram 

Okay, thanks!

 

What command do I need to run on CLI to check the connection? I cannot ping IP that I setup in NAT rules. It Times Out. I was looking back at the thread but wasnt sure which command it was for sure.

Highlighted
VIP Mentor

From memory, your traffic only permits traffic from the IP address of your server. Ideally you'd ping from that server or use the packet-tracer command to simulate the traffic - run the command twice.

Highlighted

@Rob Ingram 

 

Result of the command: "show crypto ikev2 sa"

There are no IKEv2 SAs

Highlighted

@Rob Ingram 

 

Would you be interested in helping me with the settings. I think since it was erased from ASDM, I have missed something when I set it up again. We could do a screen share. Let me know. Thank you!

Highlighted

Not sure if @Rob Ingram jumped into this already, if not, what specifically you think has been wiped out after the firewall reload? typically, if you save the config it should remain there, unless your device has a corrupted filesystem that does not allow storing the running config to the startup config. One easy way to verify this is to save, and then issuing the command show startup-config and check if the new changes are reflecting in there.

Highlighted

@Aref Alsouqi 

@Rob Ingram 

Thank you! Everything looks good when I run show startup-config, however, I did see a line that needs to be updated. Where would I update the email address in the line below? The user who's email is listed is no longer with the company. Thansk!

 

logging recipient-address xxxx@xxxx.com level alerts

 

 

Highlighted

@Aref Alsouqi 

@Rob Ingram 

 

I notice it only lets me choose one type of notification. How can I set more than one notification type for the same email address. I tried adding another one, but it said email address was already being used.

 

fw2.png

Highlighted
VIP Mentor

@wynneitmgr 

From the CLI you can use the following command to remove the old recipient and add a new recipient:-

 

no logging recipient-address xxxx@xxxx.com level alerts
logging recipient-address yyyy@xxxx.com level alerts

 

View solution in original post

Content for Community-Ad