ASA5505 Remote Access VPN

Unanswered Question
Mar 25th, 2008
User Badges:

I have an ASA5505. For some reason, I can;t get remote access VPN to work! I keep getting an error with reason 412 on my Cisco VPN client. Everything *seems* to be right, but then again, I'm using the ASDM to work on this and it wasn't exactly helpful with the access-lists. Can someone take a look and tell me if this config looks right to you? Right now, I'm just trying to get a connection to establish. THEN I'll worry about split-tunneling and access to resources, etc. I already have a pair of site-to-site VPN tunnels running and working perfectly. It's the remote access that's gving me headaches. Thanks.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
jbrunsting Tue, 03/25/2008 - 13:39
User Badges:

Okay, I realized a few stupid things I was doing in the client side. Please ignore a lot of this. However, I've now progressed to the point where it's saying "Negotiating security policies..." and then bombs out with "Reason 433: (Reason Not Specified by Peer)"

Command line all the way!

access-list nonat extended permit ip

access-list splittunnel extended permit ip

local pool Remote_Users

nat (inside) 0 access-list nonat

group-policy Remote_Users internal

group-policy Remote_Users attributes

dns-server value


vpn-idle-timeout 20

split-tunnel-policy tunnelspecified

split-tunnel-network-list value splittunnel

username admin password usKBR9pR4f8aT7eY encrypted privilege 15

crypto ipsec transform-set Remote_Users esp-3des esp-md5-hmac

crypto dynamic-map dyn1 1 set transform-set Remote_Users

crypto map mymap 2 ipsec-isakmp dynamic dyn1

crypto map mymap interface outside

crypto isakmp enable outside

crypto isakmp policy 1

authentication pre-share

encryption 3des

hash md5

group 2

lifetime 86400

crypto isakmp nat-traversal 20

tunnel-group Remote_Users type ipsec-ra

tunnel-group Remote_Users general-attributes

address-pool Remote_Users

default-group-policy Remote_Users

tunnel-group Remote_Users ipsec-attributes

pre-shared-key *


This Discussion