Draytek 2800 -> L2TP over IPSEC -> Cisco ASA 5510 (v8.03)

Jun 4th, 2008

Hi,

I'm trying to get an L2TP over IPsec VPN set up between a Draytek router and a 5510 with the latest firmware.

I have attached the syslog output of the cisco and the current running configuration.

The following two lines are of interest and indicate some sort of error:

4|Jun 04 2008|16:18:34|113019|||Group = DefaultRAGroup, Username = , IP = x.x.x.x, Session disconnected. Session Type: IKE, Duration: 0h:00m:00s, Bytes xmt: 0, Bytes rcv: 0, Reason: Phase 2 Mismatch

5|Jun 04 2008|16:18:34|713904|||Group = DefaultRAGroup, IP = x.x.x.x, All IPSec SA proposals found unacceptable!


Phase 1 completes successfully, but negotiating the Phase 2 details fails.

It should be using AES and SHA.


Help would be much appreciated.

Regards

Gareth




Farrukh Haroon Wed, 06/04/2008 - 12:34

I think on the ASA, L2TP can be configured using 'transport mode' only, so please use a transform-set that has 'mode transport'.


Secondly, why have you used the 'outside' keyword in the identity NAT? This is for destination NAT and does not represent the 'outside' interface/zone.


"nat (Test) 0 0.0.0.0 0.0.0.0 outside"


Regards


Farrukh
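
Added example, not part of either post: a small Python triage script that parses syslog lines in the pipe-delimited layout quoted in the question and groups messages 713904 and 113019 by peer, so tunnels that pass Phase 1 but fail Phase 2 stand out. The field layout is inferred from the two quoted lines; the sample address 192.0.2.10 and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the pipe-delimited layout quoted in the question;
# 192.0.2.10 is a documentation address standing in for the masked "x.x.x.x".
SAMPLE = """\
5|Jun 04 2008|16:18:34|713904|||Group = DefaultRAGroup, IP = 192.0.2.10, All IPSec SA proposals found unacceptable!
4|Jun 04 2008|16:18:34|113019|||Group = DefaultRAGroup, Username = , IP = 192.0.2.10, Session disconnected. Session Type: IKE, Duration: 0h:00m:00s, Bytes xmt: 0, Bytes rcv: 0, Reason: Phase 2 Mismatch
"""

FIELD = re.compile(r"\b(Group|Username|IP) = ([^,]*)")
REASON = re.compile(r"Reason: (.+)$")


def parse_line(line):
    """Split one line into a dict, or return None if it is malformed."""
    parts = line.rstrip("\n").split("|", 6)
    if len(parts) != 7 or not parts[0].isdigit() or not parts[3].isdigit():
        return None
    sev, date, time, msg_id, _, _, text = parts
    rec = {"severity": int(sev), "when": f"{date} {time}", "id": msg_id, "text": text}
    rec.update({k.lower(): v.strip() for k, v in FIELD.findall(text)})
    m = REASON.search(text)
    rec["reason"] = m.group(1).strip() if m else None
    return rec


def phase2_failures(lines):
    """Return {peer_ip: summary} for peers whose IKE session died in Phase 2."""
    peers = defaultdict(lambda: {"group": None, "proposal_rejected": False, "reasons": []})
    for rec in filter(None, map(parse_line, lines)):
        ip = rec.get("ip")
        if not ip:
            continue
        p = peers[ip]
        p["group"] = rec.get("group") or p["group"]
        if rec["id"] == "713904":    # "All IPSec SA proposals found unacceptable!"
            p["proposal_rejected"] = True
        elif rec["id"] == "113019" and rec["reason"]:    # session disconnected
            p["reasons"].append(rec["reason"])
    return {ip: p for ip, p in peers.items()
            if p["proposal_rejected"] or "Phase 2 Mismatch" in p["reasons"]}


if __name__ == "__main__":
    for ip, info in phase2_failures(SAMPLE.splitlines()).items():
        print(ip, info)
```

A peer that lands in the DefaultRAGroup with both conditions set is a candidate for comparing the transform-set mode and algorithms on each end.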
