Hi,
I'm setting up IPsec remote VPN access and I'm following the guide below.
http://www.cisco.com/en/US/docs/security/asa/asa80/getting_started/asa5505/quick/guide/rem_acc.html
The only difference is that instead of ticking Cisco VPN client, I select the Microsoft Windows Client using chap, chap-v1 and chap-v2.
I configured a VPN client connection on Windows XP with a public static IP address. All traffic to this static IP address is forwarded to my outside interface on the ASA.
However, all VPN connections are denied with a "UDP inbound connection denied" on port 500.
The specified IP address in the log message is the public static IP that I've specified in my VPN client.
So I added the below to allow access on this port.
access-list outside_access_in extended permit udp any host xxx.xxx.xxx.xxx eq isakmp
(xxx.xxx.xxx.xxx is the public IP.)
However, I still get a denied connection message via the explicit deny all rule on the outside interface. Packet-trace gives the same result.
Any ideas or useful guides on how to set up IPsec remote VPN access via a Cisco ASA for Microsoft VPN clients?
Cheers
Starkhorn