10-12-2020 07:48 AM
We currently have a VPN setup for our users when they are on the road or working from home using Cisco AnyConnect. We have the VPN set up on our ASA 5508 Firewall.
I now have a client that we send data to that needs us to set up a VPN for the connection. I was wondering if there was anyone out there that would be able to help me create the VPN (IKEv1 or IKEv2) and fill out this VPN questionnaire. Thank you in advance!!
10-21-2020 09:30 AM
Does it not display them on the console?
What logging do you have enabled?
10-21-2020 10:27 AM
10-21-2020 11:10 AM
I assume you are connecting via SSH, if so enter these commands:
logging enable
logging monitor notifications
logging buffer-size 16000
With those debug commands previously configured, run a ping for a while; this should generate some debug logs. Once you've finished generating the debugs, turn off debugging using the command "undeb all".
10-21-2020 11:16 AM
10-21-2020 11:22 AM
You need to enter the command "conf t" and then you can enter those commands.
10-21-2020 11:42 AM
10-21-2020 11:48 AM
You need to ping from WYNNEAPP1 server to the Comdata server.
If you ping from the ASA itself, it won't match the local address you defined when configuring the VPN.
10-21-2020 01:30 PM
I had all the logging enabled using PuTTY. Then I pinged the IPs from WYNNEAPPS1 but nothing showed up in the console on PuTTY. Where should I be looking for the debug messages?
10-22-2020 03:06 AM - edited 10-22-2020 03:06 AM
Logs won't show up on the screen unless you configure monitor logging; debugs, instead, should show up when you enable them. However, you need to generate some interesting traffic before you can see the crypto IKE debugs. Try to use packet-tracer to simulate some VPN traffic:
packet-tracer input <internal interface> icmp <local endpoint IP> 8 0 <remote endpoint IP>
10-21-2020 01:59 PM
It should appear in PuTTY. One potential reason the logs don't appear is if your ACL is incorrect and the traffic does not match and therefore does not trigger the tunnel.
Can you please provide your configuration file and I'll have a look.
10-21-2020 02:14 PM
Are you wanting the VPN configuration file? How do I export that from ASDM?
10-22-2020 01:54 AM
In ASDM navigate to Tools > Backup Configurations. I don't need the full configuration, just the running-configuration. Save as a file and upload the file for review.
10-22-2020 05:52 AM
10-22-2020 10:13 AM
You need to slightly tweak your NAT exemption rule, as there is another more specific rule for "WYNNEAPPS" that is above it.
Copy and paste the below:
no nat (inside,outside) after-auto source static WYNNEAPPS1 WYNNEAPPS1 destination static COMDATA COMDATA no-proxy-arp
nat (inside,outside) source static WYNNEAPPS1 WYNNEAPPS1 destination static COMDATA COMDATA no-proxy-arp
Run your test ping again from 10.0.0.3.
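The rule-ordering problem described in the post above can be checked offline against a saved running-configuration. The script below is an added example, not part of the original post or Cisco tooling; it relies on the ASA evaluating manual NAT first, then object NAT, then after-auto manual NAT, and its sample config is constructed (only the object names and 10.0.0.3 come from the thread; the object NAT rule and other addresses are assumptions).

```python
import ipaddress

# Constructed running-config excerpt. Only 10.0.0.3 and the object names come
# from the thread; the COMDATA address and the object NAT rule are placeholders.
SAMPLE_CONFIG = """\
object network WYNNEAPPS1
 host 10.0.0.3
object network WYNNEAPPS
 host 10.0.0.3
object network COMDATA
 host 192.0.2.10
object network WYNNEAPPS
 nat (inside,outside) static 203.0.113.5
nat (inside,outside) after-auto source static WYNNEAPPS1 WYNNEAPPS1 destination static COMDATA COMDATA no-proxy-arp
"""

def parse(config):
    """Return ({object: network}, [(section, real_src, is_identity, any_dest, text)])."""
    nets, rules, current = {}, [], None
    for line in config.splitlines():
        tok = line.split()
        if not tok:
            continue
        nested = line[0] == " "
        if not nested:  # a top-level line ends any object block
            current = tok[2] if tok[:2] == ["object", "network"] and len(tok) > 2 else None
        if nested and current and tok[0] == "host":
            nets[current] = ipaddress.ip_network(tok[1])
        elif nested and current and tok[0] == "subnet":
            nets[current] = ipaddress.ip_network(f"{tok[1]}/{tok[2]}")
        elif nested and current and tok[0] == "nat":
            rules.append((2, current, False, True, line.strip()))  # object NAT, any destination
        elif not nested and tok[0] == "nat" and "source" in tok:
            s = tok.index("source")
            ident = tok[s + 1] == "static" and tok[s + 2] == tok[s + 3]
            rules.append((3 if "after-auto" in tok else 1, tok[s + 2], ident,
                          "destination" not in tok, line.strip()))
    return nets, rules

def shadowed_exemptions(config):
    """List (exemption, earlier_rule) pairs where the earlier rule translates first."""
    nets, rules = parse(config)
    ordered = sorted(rules, key=lambda r: r[0])  # stable: keeps order inside a section
    hits = []
    for i, (_, src, ident, _, text) in enumerate(ordered):
        for _, psrc, pident, any_dest, ptext in ordered[:i]:
            if (ident and not pident and any_dest and src in nets and psrc in nets
                    and nets[src].overlaps(nets[psrc])):
                hits.append((text, ptext))
    return hits
```

The check is conservative: it only reports earlier rules that have no destination clause, since those apply to traffic toward any peer, including the VPN remote network.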
10-22-2020 10:18 AM
Will this affect any connections I already have with WYNNEAPPS1? I don't want to interfere with other connections. Thank you!!