02-03-2014 09:08 AM - edited 03-11-2019 08:39 PM
Hi all
I have upgraded my asa's from 8.4 to 9.03 3 days ago
today we started losing all our site to site vpns
This has happened 3 times today, they then come back up on there own, the vpns are up but dont pass any traffic
any ideas ?
cheers
02-03-2014 11:36 AM
Have you had issues with the VPN the prior 3 days? Have you checked with your ISP to make sure it is not them that is having issues?
have you checked the logs to see if something there might indicate what is happening?
--
Please remember to rate and select a correct answer
02-03-2014 01:21 PM
The VPN connections have been ok since Friday
The ISP was also ok
The messages I saw I the logs kept saying no ike version matches this connection or something like that!
Any ideas?
02-04-2014 01:07 AM
Would you be able to post the full error you were recieving?
Are both ends of the site-2-site tunnel terminated on ASA running version 9.1?
--
Please remember to rate and select a correct answer
02-04-2014 09:50 AM
"no ike version matches this connection" is ambiguous; if the connection is failing to come up it's an error and the underlying cause needs to be fixed. If you have a mix of IKE1 and IKE2 stuff and the IKE2 stuff is warning that it can't do negotiations with IKE1, but proceeding to complete negotiations, then it's not a problem. I'm with Marius, we need more configuration information and log file to provide context for advice. What other crypto-related messages are being logged?
Also, could you post sanitized versions of things like:
sho run crypto
The amount of log information collected will go up if you can do things like:
logging trap debugging
logging debug-trace
debug crypto ...
Historically Cisco has suggested debug levels of 10, 120, and 254 to me depending on what we were looking for.
-- Jim Leinweber, WI State Lab of Hygiene
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: