Setting-up VPN access for Microsoft Clients

Unanswered Question
Jan 22nd, 2008
User Badges:


I'm setting up IPsec remote VPN access and I'm following the below guide.

The only difference is that instead of ticking Cisco VPN client, I select the Microsoft Windows Client using chap, chap-v1 and chap-v2.

I configure up a VPN client connection on Windows XP with a public static ip address. All traffic to this static ip address is forwarded to my outside interface on the ASA.

However all VPN connections are denied with a "UDP inbound connection denied" on port 500.

The specified ip address in the log message is the public static ip that I've specified in my VPN client.

So I added the below to allow access on this port.

access-list outside_access_in extended permit udp any host eq isakmp

( is the public ip.

However I still get a denied connection message via the explicit denied all rule on the outside interface. Packet-trace gives the same result.

Any ideas or useful guides on how to setup IPsec remote VPN access via a Cisco ASA for Microsoft VPN clients?



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
amritpatek Mon, 01/28/2008 - 12:05
User Badges:
  • Silver, 250 points or more

Check and enable sysopt connection permit-vpn. You may be hitting cisco bug CSCsh24110. In such a case upgrade the ASA's software.


This Discussion