L2TP over IPSec, ASA 8.0

isk-admin
Level 1

We use CISCO VPN Client for RA. Now, a special application has to work with L2TP over IPSec. First I configured it as shown in http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807213a7.shtml#win and afterwards with the VPN Wizard. Both times I cannot connect but don't know why. Phase 1 is established and an error occurred during Phase 2:

PIX|ASA-6-713177

PIX|ASA-3-713902

I tested behind and in front of a NAT device with the same error. client-identity is configured for ip-address. What's going wrong?

Is it possible to configure an ACL for port 1701? I read something like that in earlier postings but cannot believe it.

Regards

Helmut

2 Replies

vkapoor5
Level 5

If the user is an L2TP client that uses Microsoft CHAP version 1 or version 2, and the security appliance is configured to authenticate against the local database, you must include the mschap keyword. For example, username password mschap.

Note tunnel-group must be the DefaultRAGroup name.

My question is why does DefaultRAGroup have to be used and not another name, such as for example RemoteRA?
