VPN has stopped accepting connections

phillip.b · ‎06-08-2012

My ASA 5510 has stopped accepting connections today. I cannot connect with ASDM either. ASDM hangs at "Contacting the device. Please wait" and does not return an error or time out. I can telnet into the device but my CLI knowledge is elementary at best. I'm trying to determine how to view or enable the correct logging and view via CLI. I have looked at the client log from one of the users that cannot get in and have attached it. It looks like Phase 1 is not completing but I'm not sure how to view what the ASA is logging. I have run debug cry isa and debug cry ipsec but it just returns to the prompt and I'm not sure what I should expect to see or what command to run to view the results.

Azubuike Obiora · ‎06-08-2012

HI Philips,

If you could post your config, that would do....please take of the important stuff in there. Your live ip, passwords and the enchilada that's not so needed. As well do some debugs when you try starting the session with your remote client, see if you could capture that and send too! that might come in very very handy dandy!

debug crypto isakmp

debug crypto ipsec

For starters could give some little more information.

We might get at somethings hopefully.

Cheers!

Teddy

mikull.kiznozki · ‎06-08-2012

if you are on a telenet session, do a term mon to see the debugging messages on your screen.

also, debug cry ikev1 7 and debug cry ipsec 7 on your asa should help you see import debug messages on your asa telnet/console session.

lastly, have you tried changing your keepalives to a lower value just to make sure there is a constant udp 500 pkt being sent out to your ipsec peers. this would also help in finding out which phase your ipsec negotiations are failing and the reason.

phillip.b · ‎06-20-2012

Thank you for the suggestions. I apologize for just now getting back to this question. I rebooted the ASA and the problem was resolved.