01-28-2009 02:28 AM
Hello!
I've set up a site-to-site ASA 5510 using L2TP. I've also set up RRAS on Windows 2003 and run the Demand Dial Interface Wizard to set up an L2TP connection to the ASA.
What I am stuck on is the "Dial Out Credentials" page of this wizard.
If I leave all the fields blank it cannot proceed further, so I added an imaginary user here. But on the ASA side there is no user account to add while running the IPSec site-to-site wizard. So with this imaginary user account on the Windows side and no user account on the ASA side, I try to connect them (from the Windows machine). Looking at the ASDM Log Viewer, I notice that both Phases are completed successfully, but then the message "IP=xxxx.xxxx.xxxx.xxxx, Received encrypted packet with no matching SA, dropping" appears in the Log Viewer, and on the Windows 2k3 side I get the message "An error occurred during connection of the interface. The local computer does not support the required data encryption type".
I googled for L2TP ASA RRAS, but found nothing that really matches my case.
Has anyone ever gotten this to work? If so, what else should I pay attention to?
01-28-2009 06:00 AM
I am confused here. Are you setting up a Remote Access L2TP VPN client? If that is the case, your setup on the ASA cannot be LAN-to-LAN (site-to-site) but rather remote access. What does your ASA config look like? When using L2TP over IPsec (which is what the ASA supports) you must have a user/password.
01-28-2009 06:19 AM
I am setting up a site-to-site VPN between the ASA and Windows 2003 Server (RRAS). What I cannot figure out is how I should configure the username on the ASA side.
01-28-2009 06:29 AM
The only site-to-site protocol the ASA supports against a Windows server is IPsec, not L2TP. Site-to-site allows you to encrypt the whole network behind each server. Remote access, on the other hand, is used for connecting workstation PCs to the VPN server (ASA) using a single VPN connection. Are you sure you have the right concept of what you want to configure?
01-28-2009 06:36 AM
Thank you! I must have been wrong in thinking L2TP allows me to encrypt the whole network behind the Windows 2003 Server. So, could you please point me to a LAN0-RRAS-ASA-LAN1 configuration using IPSec?
01-28-2009 06:41 AM
Unfortunately, to my understanding we don't have a direct link for configuring a Windows 2003 server with a LAN-to-LAN against a Cisco ASA, so you would need to check 2 links or look in the MS Knowledge Base for the VPN setup of Windows 2003. I got you one link that shows the configuration on Windows 2000 though, hope it helps:
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800b12b5.shtml
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080950890.shtml
01-28-2009 06:46 AM
Thank you for the links. I will try.