09-03-2008 03:30 AM - edited 03-11-2019 06:39 AM
Hi,
I have configured my ASA, which is already set up for site-to-site VPNs and client access VPN using the Cisco Client, for L2TP/IPsec VPN access. However, I am unable to connect from a Windows client. Below is my config, and I've attached a copy of the debug. Please could you help?
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set CLIENT_ESP_3DES_MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set CLIENT_ESP_3DES_MD5 mode transport
crypto dynamic-map vpnmap_dynmap 40 set transform-set ESP-3DES-SHA
crypto dynamic-map vpnmap_dynmap 50 set transform-set CLIENT_ESP_3DES_MD5
crypto map vpnmap 65535 ipsec-isakmp dynamic vpnmap_dynmap
crypto map vpnmap interface outside2
crypto isakmp identity address
crypto isakmp enable outside2
crypto isakmp policy 5
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
crypto isakmp policy 10
 authentication pre-share
 encryption des
 hash md5
 group 1
 lifetime 86400
crypto isakmp policy 30
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 28800
crypto isakmp policy 40
 authentication pre-share
 encryption des
 hash md5
 group 2
 lifetime 86400
crypto isakmp policy 60
 authentication pre-share
 encryption 3des
 hash md5
 group 1
 lifetime 86400
crypto isakmp policy 80
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 65535
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp nat-traversal 30
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
 wins-server value X.X.X.X
tunnel-group DefaultRAGroup general-attributes
 authentication-server-group RADIUSAUTH
 default-group-policy DefaultRAGroup
 dhcp-server DHCP_SERVER
tunnel-group DefaultRAGroup ipsec-attributes
 pre-shared-key *
 isakmp ikev1-user-authentication (outside2) none
tunnel-group DefaultRAGroup ppp-attributes
 no authentication ms-chap-v1
 authentication ms-chap-v2
09-03-2008 05:11 AM
What I suggest is to have a look at the following nice example that configures L2TP/IPsec on an ASA with a Windows PC. It will guide you step by step; check it against your config as well.
Good luck.
If helpful, rate.
09-03-2008 07:36 AM
Having gone through the config, the only changes I made to my config were:
To add 'vpn-tunnel-protocol l2tp-ipsec' in group-policy DfltGrpPolicy attributes
and to remove 'isakmp ikev1-user-authentication (outside2) none'. This now results in 'Tunnel Rejected: Conflicting protocols specified by tunnel-group and group-policy' in the debugs.