Setting-up VPN access for Microsoft Clients

Jan 22nd, 2008


I'm setting up IPsec remote VPN access and I'm following the below guide.

The only difference is that instead of ticking Cisco VPN client, I select the Microsoft Windows Client using chap, chap-v1 and chap-v2.

I configure a VPN client connection on Windows XP with a public static IP address. All traffic to this static IP address is forwarded to my outside interface on the ASA.

However, all VPN connections are denied with a "UDP inbound connection denied" on port 500.

The specified IP address in the log message is the public static IP that I've specified in my VPN client.

So I added the below to allow access on this port.

access-list outside_access_in extended permit udp any host eq isakmp

( is the public ip.

However, I still get a denied connection message via the explicit denied all rule on the outside interface. Packet-trace gives the same result.

Any ideas or useful guides on how to set up IPsec remote VPN access via a Cisco ASA for Microsoft VPN clients?



amritpatek Mon, 01/28/2008 - 12:05

Check and enable sysopt connection permit-vpn. You may be hitting Cisco bug CSCsh24110. In such a case, upgrade the ASA's software.

