L2TP over IPSec, ASA 8.0

Apr 21st, 2008

We use CISCO VPN Client for RA. Now, a special application has to work with L2TP over IPSec. First I configured it as shown in http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807213a7.shtml#win and afterwards with the VPN Wizard. Both times I cannot connect but don't know why. Phase 1 is established and an error occurred during Phase 2:



I tested behind and in front of a NAT device with the same error. Client identity is configured for IP address. What's going wrong?

Is it possible to configure an ACL for port 1701? I read something like that in earlier postings but cannot believe it.



vkapoor5 Fri, 04/25/2008 - 08:12

If the user is an L2TP client that uses Microsoft CHAP version 1 or version 2, and the security appliance is configured to authenticate against the local database, you must include the mschap keyword. For example, username password mschap.

Note: tunnel-group must be the DefaultRAGroup name.

bitrob2000 Wed, 09/30/2009 - 09:37

My question is why does


have to be used and not another name, such as, for example, RemoteRA?

