I have just noticed that on one (I haven't investigated other yet) of our ASA nodes that NCM shows us to have 6 Site-to-site VPN tunnels, 5 of which show down status.
Our issue here is, there is only one configured site to site tunnel on this ASA. Where is NCM picking up the other 5 that don't exist?
I think this question should be in the NPM section and NCM does not provide this info. But could the other 5 tunnels just be old ones that have been deleted over time?
Do they show as down - red? or are they just unreachable - grey?
These are/were showing as red.
If you have seen my recent posts, this is basically a fresh install of Orion. Manually added all of our firewalls to this install. There is no reason for any residual tunnels to be showing. In fact one of the firewalls we have only ever had 2 tunnels configured at all, and these that show down, were never on the firewall.
Did you ever get a resolution to this? I'm seeing a over a dozen "failed" s2s vpn connections that never existed in the first place. All of these are just attempts by outside entities to establish a connection to us. Mostly ShadowServer (just doing what they do, I guess) but a few from random other entities.
I think I might have found my answer.
These specific tunnels never existed on this ASA at all. However, it appears that something was attempting to MAKE a S2S VPN connection using several different IPs in series when I happened to notice this in Orion.
Looking this morning and I only see the 1 S2S VPN that SHOULD be there, and not the others that I saw last week.
I will keep an eye open to see if this is a common occurrence across all our firewalls.
EDIT: I checked our office firewall after I replied and I see 23 VPN tunnels all in DOWN state because of PHASE 1 failure. We have never had more than 5 S2S VPN tunnels setup on this firewall. Further evidence that these tunnels are being added to the profile simply because they show up as attempts in the firewall log?!?!?
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 150,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.