Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1298
Views
0
Helpful
1
Replies

Draytek 2800 -> L2TP over IPSEC -> Cisco ASA 5510 (v8.03)

keyoke_za
Level 1
Level 1

‎06-04-2008 08:00 AM - edited ‎02-21-2020 03:45 PM

Hi,

Im trying to get a l2tp over ipsec vpn setup between a draytek router and a 5510 with latest firmware.

I have attached the syslog output of the cisco and the current running configuration.

following two lines are of interest and indicate some sort of error

4|Jun 04 2008|16:18:34|113019|||Group = DefaultRAGroup, Username = , IP = x.x.x.x, Session disconnected. Session Type: IKE, Duration: 0h:00m:00s, Bytes xmt: 0, Bytes rcv: 0, Reason: Phase 2 Mismatch

5|Jun 04 2008|16:18:34|713904|||Group = DefaultRAGroup, IP = x.x.x.x, All IPSec SA proposals found unacceptable!

Phase 1 completes successfully but negotiating phase 2 details fails.

It should be using AES and SHA.

Help would be much appreciated.

Regards

Gareth

Labels:
Preview file
11 KB
Preview file
7 KB
0 Helpful
1 Reply 1

Farrukh Haroon
VIP Alumni
VIP Alumni

‎06-04-2008 12:34 PM

I think on the ASA, L2TP can be configured using 'transport mode' only, so please use a transform-set that has 'mode transport'.

Secondly why have you used the 'outside' keyword in the identity NAT? This is for destination NAT and does not represent the 'outside' interface/zone.

"nat (Test) 0 0.0.0.0 0.0.0.0 outside"

Regards

Farrukh

0 Helpful
Customers Also Viewed These Support Documents