My ASA 5510 has stopped accepting connections today. I cannot connect with ASDM either. ASDM hangs at "Contacting the device. Please wait" and does not return an error or time out. I can telnet into the device but my CLI knowledge is elementary at best. I'm trying to determine how to view or enable the correct logging and view via CLI. I have looked at the client log from one of the users that cannot get in and have attached it. It looks like Phase 1 is not completing but I'm not sure how to view what the ASA is logging. I have run debug cry isa and debug cry ipsec but it just returns to the prompt and I'm not sure what I should expect to see or what command to run to view the results.
If you could post your config, that would do....please take of the important stuff in there. Your live ip, passwords and the enchilada that's not so needed. As well do some debugs when you try starting the session with your remote client, see if you could capture that and send too! that might come in very very handy dandy!
debug crypto isakmp
debug crypto ipsec
For starters could give some little more information.
if you are on a telenet session, do a term mon to see the debugging messages on your screen.
also, debug cry ikev1 7 and debug cry ipsec 7 on your asa should help you see import debug messages on your asa telnet/console session.
lastly, have you tried changing your keepalives to a lower value just to make sure there is a constant udp 500 pkt being sent out to your ipsec peers. this would also help in finding out which phase your ipsec negotiations are failing and the reason.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...