Draytek 2800 -> L2TP over IPSEC -> Cisco ASA 5510 (v8.03)

Jun 4th, 2008
I'm trying to get an L2TP over IPsec VPN set up between a DrayTek router and a 5510 with the latest firmware.

I have attached the syslog output of the Cisco and the current running configuration.

The following two lines are of interest and indicate some sort of error:

4|Jun 04 2008|16:18:34|113019|||Group = DefaultRAGroup, Username = , IP = x.x.x.x, Session disconnected. Session Type: IKE, Duration: 0h:00m:00s, Bytes xmt: 0, Bytes rcv: 0, Reason: Phase 2 Mismatch

5|Jun 04 2008|16:18:34|713904|||Group = DefaultRAGroup, IP = x.x.x.x, All IPSec SA proposals found unacceptable!

Phase 1 completes successfully but negotiating phase 2 details fails.

It should be using AES and SHA.

Help would be much appreciated.



Farrukh Haroon Wed, 06/04/2008 - 12:34

I think on the ASA, L2TP can be configured using 'transport mode' only, so please use a transform-set that has 'mode transport'.

Secondly, why have you used the 'outside' keyword in the identity NAT? This is for destination NAT and does not represent the 'outside' interface/zone.

"nat (Test) 0 outside"
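
The two syslog lines quoted in the question (message IDs 713904 and 113019) can be triaged mechanically. The script below is an added example, not part of the original posts or of any Cisco tooling: it parses lines in the same pipe-delimited layout and reports the peers whose phase 2 proposals were rejected. The sample log, its addresses and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the two lines quoted in the question.
# 192.0.2.10 and 198.51.100.7 are documentation addresses; "alice" is made up.
SAMPLE_LOG = """\
5|Jun 04 2008|16:18:34|713904|||Group = DefaultRAGroup, IP = 192.0.2.10, All IPSec SA proposals found unacceptable!
4|Jun 04 2008|16:18:34|113019|||Group = DefaultRAGroup, Username = , IP = 192.0.2.10, Session disconnected. Session Type: IKE, Duration: 0h:00m:00s, Bytes xmt: 0, Bytes rcv: 0, Reason: Phase 2 Mismatch
4|Jun 04 2008|16:21:02|113019|||Group = DefaultRAGroup, Username = alice, IP = 198.51.100.7, Session disconnected. Session Type: IKE, Duration: 0h:12m:41s, Bytes xmt: 5120, Bytes rcv: 4096, Reason: User Requested
"""

FIELD_RE = re.compile(r"(Group|Username|IP) = ([^,]*)")
REASON_RE = re.compile(r"Reason: (.+)$")


def parse_line(line):
    """Parse 'severity|date|time|message ID|||text' into a dict, else None."""
    parts = line.strip().split("|", 6)
    if len(parts) != 7 or not (parts[0].isdigit() and parts[3].isdigit()):
        return None
    sev, date, time, msg_id, _, _, text = parts  # two fields are empty in the quoted lines
    rec = {"severity": int(sev), "when": f"{date} {time}", "id": msg_id, "text": text}
    rec.update({k.lower(): v.strip() for k, v in FIELD_RE.findall(text)})
    reason = REASON_RE.search(text)
    rec["reason"] = reason.group(1).strip() if reason else None
    return rec


def phase2_failures(log_text):
    """Map peer IP -> counts of rejected IPsec proposals and mismatch disconnects."""
    peers = defaultdict(lambda: {"group": None, "rejected": 0, "mismatch_disconnects": 0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or "ip" not in rec:
            continue
        if rec["id"] == "713904" and "proposals found unacceptable" in rec["text"]:
            kind = "rejected"
        elif rec["id"] == "113019" and rec["reason"] == "Phase 2 Mismatch":
            kind = "mismatch_disconnects"
        else:
            continue  # unrelated message, e.g. a normal user-requested disconnect
        peers[rec["ip"]]["group"] = rec.get("group")
        peers[rec["ip"]][kind] += 1
    return dict(peers)


if __name__ == "__main__":
    for ip, info in phase2_failures(SAMPLE_LOG).items():
        print(f"{ip} ({info['group']}): phase 2 negotiation failed: {info}")
```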



