ASA 8.0(4) and Vista L2TP

Unanswered Question
Sep 18th, 2008

Hi ALL!

Please tell me what I must do to make my VPN between the ASA and Vista work.

Win XP works fine, but Vista with the same settings on the PC side does not work...

My config:

crypto ipsec transform-set vista esp-des esp-md5-hmac
crypto ipsec transform-set vista mode transport
crypto dynamic-map l2tp-dyna 20 set transform-set vista
crypto map l2tp-map 20 ipsec-isakmp dynamic l2tp-dyna
crypto map l2tp-map interface inside
crypto isakmp enable inside
crypto isakmp policy 5
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
crypto isakmp nat-traversal 30
group-policy l2tptest internal
group-policy l2tptest attributes
 dns-server value 10.48.4.5 10.48.4.3
 vpn-tunnel-protocol IPSec l2tp-ipsec
username vista password vista nt-encrypted
username employee attributes
 vpn-group-policy l2tptest
tunnel-group DefaultRAGroup general-attributes
 address-pool pptp-pool
 authentication-server-group (inside) LOCAL
 default-group-policy l2tptest
tunnel-group DefaultRAGroup ipsec-attributes
 pre-shared-key vista
 peer-id-validate nocheck
tunnel-group DefaultRAGroup ppp-attributes
 no authentication chap
 authentication ms-chap-v2



Logs are attached.



andrey.v.tyurin Fri, 09/19/2008 - 03:05

I have a new problem: I think that phase 1 is done, but phase 2 is not.

I think that it was an ISAKMP policy. I added some policies and phase 1 is done.

And when I enter the command:

sho crypto isakmp sa

ASA5550-sec(config)# sho crypto isakmp sa

Active SA: 1
Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 1

1 IKE Peer: 10.48.6.3
Type : user Role : responder
Rekey : no State : MM_ACTIVE




But when I enter the command:

ASA5550-sec(config)# sho crypto ipsec sa


There are no ipsec sas


What is the problem?




And the last thing I see in the log:

%ASA-5-713068: Group = DefaultRAGroup, IP = 10.48.6.3, Received non-routine Notify message: Invalid ID info (18)



What does it mean?

The log is attached.

There is a mistake in the configuration in the first post. I am using policy-group l2tpipsec.
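
The triage the second post does by hand, as an added example (not code from the thread or from Cisco): a Python script that correlates `show crypto isakmp sa`, `show crypto ipsec sa` and 713068 notify syslogs per peer, naming the notify code from RFC 2408. The function names are hypothetical, and the `current_peer:` field used to attribute phase 2 SAs to a peer is an assumption about `show crypto ipsec sa` output that the thread does not show.

```python
import re

# ISAKMP notify message types, subset of RFC 2408 section 3.14.1
NOTIFY_TYPES = {14: "NO-PROPOSAL-CHOSEN", 17: "INVALID-KEY-INFORMATION",
                18: "INVALID-ID-INFORMATION"}
NOTIFY_RE = re.compile(
    r"%ASA-\d-713068: Group = (?P<group>[^,]+), IP = (?P<ip>[\d.]+), "
    r"Received non-routine Notify message: .+? \((?P<code>\d+)\)")

# Sample input: the outputs quoted in the thread above
ISAKMP_OUT = """Active SA: 1
1 IKE Peer: 10.48.6.3
Type : user Role : responder
Rekey : no State : MM_ACTIVE"""
IPSEC_OUT = "There are no ipsec sas"
SYSLOG = ["%ASA-5-713068: Group = DefaultRAGroup, IP = 10.48.6.3, "
          "Received non-routine Notify message: Invalid ID info (18)"]

def parse_isakmp_sa(output):
    """Return {peer_ip: state} from 'show crypto isakmp sa' output."""
    peers, current = {}, None
    for line in output.splitlines():
        peer = re.search(r"IKE Peer:\s*([\d.]+)", line)
        if peer:
            current = peer.group(1)
        state = re.search(r"State\s*:\s*(\S+)", line)
        if state and current:
            peers[current] = state.group(1)
    return peers

def triage(isakmp_out, ipsec_out, syslog_lines):
    """Per peer: is phase 1 up, is phase 2 up, which notifies were logged."""
    # Assumption: each IPsec SA block names its peer as 'current_peer: <ip>'
    phase2_peers = set(re.findall(r"current_peer:\s*([\d.]+)", ipsec_out))
    notifies = {}
    for line in syslog_lines:
        m = NOTIFY_RE.search(line)
        if m:
            code = int(m.group("code"))
            notifies.setdefault(m.group("ip"), []).append(
                (m.group("group"), code, NOTIFY_TYPES.get(code, "UNKNOWN")))
    return {ip: {"phase1_up": state == "MM_ACTIVE",
                 "phase2_up": ip in phase2_peers,
                 "notifies": notifies.get(ip, [])}
            for ip, state in parse_isakmp_sa(isakmp_out).items()}

if __name__ == "__main__":
    for ip, result in triage(ISAKMP_OUT, IPSEC_OUT, SYSLOG).items():
        print(ip, result)
```
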


