Remote Access VPN Configuration error in ASDM

Feb 22nd, 2008


I am having trouble configuring remote access vpn using ASDM [ASDM Version 5.2(2)] on ASA 5505 [ASA Version 7.2(2)]. I get the following error message. Please help!!!

ASDM received message(s) below when one or more of the commands below were sent to the ASA. [OK] means success, [ERROR] means failure, [INFO] means information, and [WARNING] means warning message received.

[OK] crypto isakmp enable outside

[OK] access-list inside_nat0_outbound line 1 extended permit ip

[OK] username Hiteishee password eAXNRI6VJlqT/0O6 encrypted privilege 0

[OK] username Hiteishee attributes

username Hiteishee attributes

[WARNING] vpn-group-policy cisco

group-policy <cisco> does not exist

[OK] ip local pool RemoteClientPool

[OK] group-policy cisco internal

[OK] group-policy cisco attributes

group-policy cisco attributes

[OK] vpn-tunnel-protocol IPSec

[OK] dns-server value

[OK] tunnel-group cisco type ipsec-ra

[OK] tunnel-group cisco general-attributes

tunnel-group cisco general-attributes

[OK] default-group-policy cisco

[OK] address-pool RemoteClientPool

[OK] tunnel-group cisco ipsec-attributes

tunnel-group cisco ipsec-attributes

[OK] pre-shared-key cisco

[OK] crypto isakmp policy 10 authen pre-share

[OK] crypto isakmp policy 10 encrypt 3des

[OK] crypto isakmp policy 10 hash sha

[OK] crypto isakmp policy 10 group 2

[OK] crypto isakmp policy 10 lifetime 86400

[OK] crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

[OK] crypto dynamic-map outside_dyn_map 20 set pfs group2

[OK] crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA

[OK] crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map

[OK] crypto map outside_map interface outside

[OK] nat (inside) 0 access-list inside_nat0_outbound tcp 0 0 udp 0

pjhenriqs Fri, 02/22/2008 - 03:17

I would advise you to use the CLI for this.

Just check if you can configure the group policy on your user like so:

username Hiteishee attributes

vpn-group-policy cisco

That seems to be the only thing that failed from ASDM.

You can also check on ASDM which is the group-policy that was applied to this user and change it to "cisco".



a.ajiboye Fri, 03/07/2008 - 04:38

I wiped out the config on the Firewall and re-configured the Firewall. I was still getting the same error message.

I simply ignored the error message and everything worked fine.
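
Added example, not part of any post in this thread and not Cisco tooling: a Python script that parses the ASDM result output quoted in the question and reports each rejected command whose missing object is created later in the same batch, together with the submode it has to be re-entered in from the CLI. The function names and the submode heuristic are assumptions of this example.

```python
import re

# Excerpt of the ASDM output posted in the question: status-tagged commands
# plus the detail lines echoed back underneath them.
ASDM_OUTPUT = """\
[OK] username Hiteishee attributes
username Hiteishee attributes
[WARNING] vpn-group-policy cisco
group-policy <cisco> does not exist
[OK] ip local pool RemoteClientPool
[OK] group-policy cisco internal
[OK] group-policy cisco attributes
group-policy cisco attributes
[OK] tunnel-group cisco type ipsec-ra
"""

STATUS = re.compile(r"^\[(OK|ERROR|INFO|WARNING)\]\s+(.*)$")
MISSING = re.compile(r"^(\S+) <([^>]+)> does not exist$")


def parse(text):
    """Return [status, command, detail_lines] entries in delivery order."""
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = STATUS.match(line)
        if m:
            entries.append([m.group(1), m.group(2), []])
        elif entries:
            entries[-1][2].append(line)  # untagged line belongs to previous command
    return entries


def commands_to_reapply(text):
    """List (submode, command) pairs rejected only because of batch ordering."""
    entries = parse(text)
    fixes, mode = [], None
    for i, (status, cmd, details) in enumerate(entries):
        if status == "OK" and cmd.endswith("attributes"):
            mode = cmd  # heuristic: last submode entered before the rejected line
        if status not in ("WARNING", "ERROR"):
            continue
        for detail in details:
            m = MISSING.match(detail)
            if m is None:
                continue
            created = f"{m.group(1)} {m.group(2)} "  # e.g. "group-policy cisco "
            if any(s == "OK" and c.startswith(created) for s, c, _ in entries[i + 1:]):
                fixes.append((mode, cmd))
    return fixes


if __name__ == "__main__":
    for submode, command in commands_to_reapply(ASDM_OUTPUT):
        print(f"re-enter under '{submode}': {command}")
```
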

