Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
489
Views
0
Helpful
1
Replies

ASA 8.0(4) and Vista L2TP

andrey.v.tyurin
Level 1
Level 1

‎09-18-2008 11:39 AM - edited ‎02-21-2020 03:00 AM

Hi ALL!

Please tell me, What must I do that my VPN between ASA and Vista work?

Win XP works good.. but Vista with the same setting on the PC side does not work...

my config:

crypto ipsec transform-set vista esp-des esp-md5-hmac

crypto ipsec transform-set vista mode transport

crypto dynamic-map l2tp-dyna 20 set transform-set vista

crypto map l2tp-map 20 ipsec-isakmp dynamic l2tp-dyna

crypto map l2tp-map interface insidecrypto isakmp enable inside

crypto isakmp policy 5

authentication pre-share

encryption 3des

hash md5

group 2

lifetime 86400

crypto isakmp nat-traversal 30

group-policy l2tptest internal

group-policy l2tptest attributes

dns-server value 10.48.4.5 10.48.4.3

vpn-tunnel-protocol IPSec l2tp-ipsec

username vista password vista nt-encrypted

username employee attributes

vpn-group-policy l2tptest

tunnel-group DefaultRAGroup general-attributes

address-pool pptp-pool

authentication-server-group (inside) LOCAL

default-group-policy l2tptest

tunnel-group DefaultRAGroup ipsec-attributes

pre-shared-key vista

peer-id-validate nocheck

tunnel-group DefaultRAGroup ppp-attributes

no authentication chap

authentication ms-chap-v2

and logs in attach

Preview file
13 KB
0 Helpful
1 Reply 1

andrey.v.tyurin
Level 1
Level 1

‎09-19-2008 03:05 AM

I have a new problem, I think that phase 1 is done, but the phase 2 not.

I think that it was a isakmp policy. I adding some policy and phase 1 is done.

and when I pushing command:

sho crypto isakmp sa

ASA5550-sec(config)# sho crypto isakmp sa

Active SA: 1

Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)

Total IKE SA: 1

1 IKE Peer: 10.48.6.3

Type : user Role : responder

Rekey : no State : MM_ACTIVE

but when I writing command :

ASA5550-sec(config)# sho crypto ipsec sa

There are no ipsec sas

what is the problem?

and the last in log I see:

%ASA-5-713068: Group = DefaultRAGroup, IP = 10.48.6.3, Received non-routine Notify message: Invalid ID info (18)

What is it mean?

logg in attach

in the configure in the fist post there is mistake. I using policy-group l2tpipsec.

Preview file
15 KB
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card