HELP - Site-to-Site VPN recreated every time I deploy some configuration

jose.stuchi · ‎05-15-2009

Hi everybody,

I have many site-to-site VPNs configured in my ASA. This device is added in CSM version 3.1.0.

Every time that I deploy some configuration to ASA, like static route configuration or ACLs, the system had a abnormal behaviour, recreating the last configuration of site-to-site VPN.

For instance, consider the configuration that follows:

...

crypto map VPNTEST 1 match address TEST

crypto map VPNTEST 1 set peer PEER-DBA-100.100.100.100

crypto map VPNTEST 1 set transform-set ESP-TEST

crypto map VPNTEST 1 set security-association lifetime seconds 3600

crypto map VPNTEST 1 set reverse-route

...

If I deploy some configuration from CSM to ASA, the next configuration of ASA will be:

...

crypto map VPNTEST 1 match address TEST

crypto map VPNTEST 1 set peer PEER-DBA-100.100.100.100

crypto map VPNTEST 1 set transform-set ESP-TEST

crypto map VPNTEST 1 set security-association lifetime seconds 3600

crypto map VPNTEST 1 set reverse-route

crypto map VPNTEST 2 match address TEST

crypto map VPNTEST 2 set peer PEER-DBA-100.100.100.100

crypto map VPNTEST 2 set transform-set ESP-TEST

crypto map VPNTEST 2 set security-association lifetime seconds 3600

crypto map VPNTEST 2 set reverse-route

...

If I deploy again, another crypto map will be created, as follows:

...

crypto map VPNTEST 3 match address TEST

crypto map VPNTEST 3 set peer PEER-DBA-100.100.100.100

crypto map VPNTEST 3 set transform-set ESP-TEST

crypto map VPNTEST 3 set security-association lifetime seconds 3600

crypto map VPNTEST 3 set reverse-route

...

Does anybody knows why this happens?

Thanks

J A Stuchi

handsy · ‎05-18-2009

What version of ASA IOS are you running? Have you checked for bugs using Cisco bug toolkit yet?

jose.stuchi · ‎05-20-2009

Hello,

I'm using ASA IOS 7.2(4) version.

I looked for this error in Bug ToolKit but I didn't find any answer.

Can you help me?

Thanks,

J A Stuchi