Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

You may experience some slow load times, errors, and slight inconsistencies. We ask for your patience as we finalize the launch. Thank you.

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our beta test area to get started.

New Member

Replacing a failed ASA5505 question

We have a remote site with a 5505 that builds a VPN tunnel back to our 5550.  The unit failed, and I am on vacation...  The network engineer that responded showed up with a brand new ASA5505.  He didn't have the config, so he swapped the flash from the failed unit (the unit really failed, it wasn't just the power brick) and put it in the new ASA and it booted, but didn't build a tunnel back to our 5550.

Does anyone know if there's something that needs to happen, like regenerating certificate or something?  Is there a reason why swapping flash wouldn't bring this unit up?

Thanks,

Tim

  • Firewalling
3 REPLIES

Re: Replacing a failed ASA5505 question

Hi,

The new unit is working fine?

Meaning... it has Internet access?

If the configuration is exactly the same as the previous ASA 5505, the tunnel should establish.

Perhaps it is not connected physically in the same way, or is not getting IP from the DHCP, or something is missing in the configuration.

Federico.

New Member

Re: Replacing a failed ASA5505 question

I was told the engineer that stepped in to help brought a brand new ASA5505 with him, opened it up, swapped the flash and brought the new one up but it did not come up and build a tunnel. Supposedly he hooked it up correctly, but I am wondering if he cabled it up the same. I was mostly concerned that something else needed to happen, like "crypto key generate" or something else that would prohibit the unit from operating. I guess it will have to wait until I return. Thanks!

Re: Replacing a failed ASA5505 question

There's no need to regenerate the RSA keys to bring an IPsec tunnel up.

You need RSA keys for other purposes like if using Digital Certificates for authentication for the VPN connection or using management SSH connections to the ASA.

Federico.

320
Views
0
Helpful
3
Replies