02-06-2008 10:14 AM - edited 03-11-2019 04:59 AM
Out-of-the-box configuration. Changed the internal IP range, DHCP pool and ASDM config. Then I ran the VPN wizard to connect a VPN client. I can't establish a tunnel whatsoever. Find attached the config and the log.
Thank you in advance for your help
Niko
02-06-2008 10:35 AM
I pulled this off of a working config, 5505 7.2(3)
=====================================
ip local pool vpnpool 10.x.y.1-10.x.y.10 mask 255.255.255.0
crypto ipsec transform-set AES256_SHA esp-aes-256 esp-sha-hmac
crypto dynamic-map DYNAMICMAP 5 set transform-set AES256_SHA
crypto dynamic-map DYNAMICMAP 5 set security-association lifetime seconds 7200
crypto map CRYPTOMAP 5 ipsec-isakmp dynamic DYNAMICMAP
crypto map CRYPTOMAP interface outside
crypto isakmp enable outside
crypto isakmp policy 5
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto isakmp nat-traversal 20
group-policy GROUPPOLICYNAME internal
group-policy GROUPPOLICYNAME attributes
 dns-server value 10.x.y.z
 vpn-idle-timeout 120
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value splittunnel_acl
 default-domain value domain.org
 split-dns value domain.org
tunnel-group VPNGROUPNAME type ipsec-ra
tunnel-group VPNGROUPNAME general-attributes
 address-pool vpnpool
 default-group-policy GROUPPOLICYNAME
tunnel-group VPNGROUPNAME ipsec-attributes
 pre-shared-key *
 isakmp ikev1-user-authentication none
============================================
the very last line disables xauth...
02-06-2008 11:15 AM
Thanks for your quick response. I've tried to disable xauth already but no luck.
02-06-2008 11:21 AM
based on your configuration, you have to set the group name (in the cisco vpn client) to 10.0.0.0
is that really what you want?
you also don't have nat-t enabled, which might be causing issues.
if you don't want xauth, just add that last line under the tunnel-group ipsec attributes.
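Added example, not part of the posts above and not Cisco tooling: a small Python check that reads an ASA running-config and reports the three points raised in this reply (NAT-T, the tunnel-group name the client must use, and xauth). The function names and the sample config are constructed for illustration, and it assumes sub-commands are indented the way show running-config prints them.

```python
import re

# Constructed sample with the problems raised in the thread (not Niko's actual config).
SAMPLE_CONFIG = """\
crypto isakmp enable outside
tunnel-group 10.0.0.0 type ipsec-ra
tunnel-group 10.0.0.0 general-attributes
 address-pool vpnpool
tunnel-group 10.0.0.0 ipsec-attributes
 pre-shared-key *
"""

HEADER = re.compile(r"tunnel-group (\S+) (?:type (\S+)|\S+-attributes)$")

def parse_tunnel_groups(config):
    """Collect each tunnel-group's type and its indented sub-commands."""
    groups, current = {}, None
    for raw in config.splitlines():
        m = HEADER.match(raw.strip())
        if m:
            entry = groups.setdefault(m.group(1), {"type": None, "lines": []})
            if m.group(2):          # "type ..." line has no sub-commands
                entry["type"], current = m.group(2), None
            else:                   # "...-attributes" opens a sub-mode
                current = entry
        elif raw.startswith(" ") and current is not None:
            current["lines"].append(raw.strip())
        else:
            current = None
    return groups

def check_ra_vpn(config):
    """Return findings for the three points discussed in the thread."""
    findings = []
    if not re.search(r"^crypto isakmp nat-traversal\b", config, re.M):
        findings.append("NAT-T is not enabled (no 'crypto isakmp nat-traversal')")
    for name, g in parse_tunnel_groups(config).items():
        if g["type"] != "ipsec-ra":
            continue
        if re.fullmatch(r"\d+(\.\d+){3}", name):
            findings.append(f"{name}: group name looks like an IP address; "
                            "the VPN client must use this exact group name")
        if not any(l.startswith("address-pool ") for l in g["lines"]):
            findings.append(f"{name}: no address-pool assigned")
        # Assumption: ipsec-ra groups default to xauth unless this line is present.
        if "isakmp ikev1-user-authentication none" not in g["lines"]:
            findings.append(f"{name}: xauth is on; the client is asked for user credentials")
    return findings

if __name__ == "__main__":
    for finding in check_ra_vpn(SAMPLE_CONFIG):
        print(finding)
```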
02-06-2008 11:22 AM
Hi Niko
Attached config is a mess, attach the config you made after analyzing srue's sample RA-VPN config
Regards
02-06-2008 12:07 PM
Thanks for your quick response. I've tried to disable xauth already but no luck.
02-06-2008 12:53 PM
Niko
Assuming that this is a start from scratch (you are newly configuring this device) and this config is messy (webvpn policy etc.), I suggest you load factory defaults, change your LAN IP and subnet, then follow this step-by-step guide to configure VPN
02-06-2008 12:58 PM
I'll give it a try.
thx
05-05-2010 08:53 AM
Dead link, see http://petenetlive.com/KB/Article/0000070.htm instead