We currently have a VPN setup for our users when they are on the road or working from home using Cisco AnyConnect. We have the VPN setup on our ASA 5508 Firewall.
I now have a client that we send data to that needs us to setup a VPN for the connection. I was wondering if there was anyone out there that would be able to help me create the VPN (IKEv1 or IKEv2) and fill out this VPN questionnaire. Thank you in advance!!
Solved! Go to Solution.
Was the configuration saved previously? Was there power cut or was the ASA rebooted?
Login to the ASA via the CLI using putty, run the command write mem this should save the configuration to memory.
Yes, I did save the configurations. It seems when the ASA was rebooted it lost the settings. Why do the settings get wiped with a reboot of the ASA, is there a way to stop that from happening?
If you saved the configuration it should save the full configuration.
Perform a test (out of hours) make a change, save the configuration and reboot. If the settings are lost then you could potentially have a hardware/software issue, in which case you'd have to log a call with TAC.
Before testing, take a full backup of the ASA.
What command do I need to run on CLI to check the connection? I cannot ping IP that I setup in NAT rules. It Times Out. I was looking back at the thread but wasnt sure which command it was for sure.
From memory, your traffic only permits traffic from the IP address of your server. Ideally you'd ping from that server or use the packet-tracer command to simulate the traffic - run the command twice.
Would you be interested in helping me with the settings. I think since it was erased from ASDM, I have missed something when I set it up again. We could do a screen share. Let me know. Thank you!
Not sure if @Rob Ingram jumped into this already, if not, what specifically you think has been wiped out after the firewall reload? typically, if you save the config it should remain there, unless your device has a corrupted filesystem that does not allow storing the running config to the startup config. One easy way to verify this is to save, and then issuing the command show startup-config and check if the new changes are reflecting in there.
Thank you! Everything looks good when I run show startup-config, however, I did see a line that needs to be updated. Where would I update the email address in the line below? The user who's email is listed is no longer with the company. Thansk!
logging recipient-address firstname.lastname@example.org level alerts