11-09-2016 06:03 AM
Hi,
I have received a task to config two ASA to build site-to-site connections. I used to finish it successfully, but no luck this time, and i don't understand how this happened.
I can input every commands , but only not this one, on both ASA:
asa(config)# tunnel-group x.x.x.x type ipsec-l2l
^
ERROR: % Invalid input detected at '^' marker.
asa(config)# tunnel-group x.x.x.x ?
configure mode commands/options:
general-attributes Enter the general-attributes sub command mode
ipsec-attributes Enter the ipsec-attributes sub command mode
There is no "type" . It is not available.
Would you please advise how can i solve this problem? Thanks.
ASA versions:
ASA (a)
Cisco Adaptive Security Appliance Software Version 9.2(4)
Device Manager Version 7.2(1)
Compiled on Tue 14-Jul-15 22:19 by builders
System image file is "disk0:/asa924-k8.bin"
Config file at boot was "startup-config"
asa up 187 days 22 hours
Hardware: ASA5505, 1024 MB RAM, CPU Geode 500 MHz,
Internal ATA Compact Flash, 2048MB
BIOS Flash M50FW080 @ 0xfff00000, 1024KB
ASA(B)
Cisco Adaptive Security Appliance Software Version 9.2(2)4
Device Manager Version 7.3(1)
Compiled on Tue 29-Jul-14 22:39 by builders
System image file is "disk0:/asa922-4-k8.bin"
Config file at boot was "startup-config"
danielASA up 8 days 5 hours
Hardware: ASA5505, 512 MB RAM, CPU Geode 500 MHz,
Internal ATA Compact Flash, 128MB
BIOS Flash M50FW016 @ 0xfff00000, 2048KB
11-09-2016 11:08 AM
The ASA must be in single routed mode in order to configure the tunnel group parameters.
ASA(config)# mode single
11-09-2016 11:17 AM
When you issue the above command, the ASA reboots. Make sure you backup your config before entering that command:
ASA(config)# copy flash:old_running.cfg startup-config
11-09-2016 10:41 PM
Hi gpauwen,
Tried but failed..
ASA(config)# mode single
^
ERROR: % Invalid input detected at '^' marker.
Any other hints?
11-09-2016 10:45 PM
This means that you have already defined the tunnel-group related to IP X.X.X.X.
Execute "show run tunnel-group" and you will be able to see that.
Here is the output from my lab ASA
ciscoasa(config)# tunnel-group 1.1.1.1 type ipsec-l2l
ciscoasa(config)#
ciscoasa(config)# tunnel-group 1.1.1.1 ?
configure mode commands/options:
general-attributes Enter the general-attributes sub command mode
ipsec-attributes Enter the ipsec-attributes sub command mode
ciscoasa(config)#
ciscoasa(config)# show run tunnel-group
tunnel-group 1.1.1.1 type ipsec-l2l
Regards,
Dinesh Moudgil
P.S. Please rate helpful posts.
11-10-2016 12:20 AM
Hello,
Dinesh is probably right on the money.
On a side note, make sure your privilege level is high enough. As an admin, you would usually have level 15.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide