Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

HELP - Site-to-Site VPN recreated every time I deploy some configuration

Hi everybody,

I have many site-to-site VPNs configured in my ASA. This device is added in CSM version 3.1.0.

Every time that I deploy some configuration to ASA, like static route configuration or ACLs, the system had a abnormal behaviour, recreating the last configuration of site-to-site VPN.

For instance, consider the configuration that follows:

...

crypto map VPNTEST 1 match address TEST

crypto map VPNTEST 1 set peer PEER-DBA-100.100.100.100

crypto map VPNTEST 1 set transform-set ESP-TEST

crypto map VPNTEST 1 set security-association lifetime seconds 3600

crypto map VPNTEST 1 set reverse-route

...

If I deploy some configuration from CSM to ASA, the next configuration of ASA will be:

...

crypto map VPNTEST 1 match address TEST

crypto map VPNTEST 1 set peer PEER-DBA-100.100.100.100

crypto map VPNTEST 1 set transform-set ESP-TEST

crypto map VPNTEST 1 set security-association lifetime seconds 3600

crypto map VPNTEST 1 set reverse-route

crypto map VPNTEST 2 match address TEST

crypto map VPNTEST 2 set peer PEER-DBA-100.100.100.100

crypto map VPNTEST 2 set transform-set ESP-TEST

crypto map VPNTEST 2 set security-association lifetime seconds 3600

crypto map VPNTEST 2 set reverse-route

...

If I deploy again, another crypto map will be created, as follows:

...

crypto map VPNTEST 3 match address TEST

crypto map VPNTEST 3 set peer PEER-DBA-100.100.100.100

crypto map VPNTEST 3 set transform-set ESP-TEST

crypto map VPNTEST 3 set security-association lifetime seconds 3600

crypto map VPNTEST 3 set reverse-route

...

Does anybody knows why this happens?

Thanks

J A Stuchi

2 REPLIES
New Member

Re: HELP - Site-to-Site VPN recreated every time I deploy some c

What version of ASA IOS are you running? Have you checked for bugs using Cisco bug toolkit yet?

New Member

Re: HELP - Site-to-Site VPN recreated every time I deploy some c

Hello,

I'm using ASA IOS 7.2(4) version.

I looked for this error in Bug ToolKit but I didn't find any answer.

Can you help me?

Thanks,

J A Stuchi

113
Views
0
Helpful
2
Replies