04-21-2008 05:40 AM - edited 02-21-2020 01:59 AM
We use Cisco VPN Client for RA. Now a special application has to work with L2TP over IPSec. First I configured it as shown in http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807213a7.shtml#win and afterwards with the VPN Wizard. Both times I cannot connect but don't know why. Phase 1 is established and an error occurred during Phase 2:
PIX|ASA-6-713177
PIX|ASA-3-713902
I tested behind and in front of a NAT device with the same error. client-identity is configured for ip-address. What's going wrong?
Is it possible to configure an ACL for port 1701? I read something like that in earlier postings but cannot believe it.
Regards
Helmut
04-25-2008 08:12 AM
If the user is an L2TP client that uses Microsoft CHAP version 1 or version 2, and the security appliance is configured to authenticate against the local database, you must include the mschap keyword. For example, username
Note tunnel-group must be the DefaultRAGroup name.
09-30-2009 09:37 AM
My question is: why does DefaultRAGroup have to be used and not another name, such as, for example, RemoteRA?