Windows 2003 site-to-site L2TP to ASA 5510

nkaretnikov
Level 1

Hello!

I've set up a site-to-site ASA 5510 using L2TP. I've also set up RRAS on Windows 2003 and run the Demand Dial Interface Wizard to set up an L2TP connection to the ASA.

What has me stuck is the "Dial Out Credentials" page of this wizard.

If I leave all the fields blank, it cannot proceed further, so I add an imaginary user here. But on the ASA side there is no user account to add while running the IPSec site-to-site wizard. So with this imaginary user account on the Windows side and no user account on the ASA side, I try to connect them (from the Windows machine). Looking at the ASDM Log Viewer, I notice that both phases are completed successfully, but then the message "IP=xxxx.xxxx.xxxx.xxxx, Received encrypted packet with no matching SA, dropping" appears in the Log Viewer, and on the Windows 2k3 side I get the message "An error occurred during connection of the interface. The local computer does not support the required data encryption type".

I googled for L2TP ASA RRAS but found nothing that really matches my case.

Has anyone ever gotten this to work? If so, what else should I pay attention to?

6 Replies

Ivan Martinon
Level 7

I am confused here. Are you setting up a Remote Access L2TP VPN client? If that is the case, your setup on the ASA cannot be LAN-to-LAN (site-to-site) but rather remote access. What does your ASA config look like? When using L2TP over IPsec (which is what the ASA supports), you must have a user/password.

I am setting up a site-to-site VPN between the ASA and Windows 2003 Server (RRAS). What I cannot figure out is how I should configure the username on the ASA side.

The only site-to-site protocol the ASA supports against a Windows server is IPsec, not L2TP. Site-to-site allows you to encrypt the whole network behind each server. Remote access, on the other hand, is used for connecting workstation PCs to the VPN server (ASA) using a single VPN connection. Are you sure you have the right concept of what you want to configure?

Thank you! I must have been wrong thinking L2TP allows me to encrypt the whole network behind Windows 2003 Server. So, could you please point me to a LAN0-RRAS-ASA-LAN1 configuration using IPSec?

Unfortunately, to my understanding we don't have a direct link for configuring a Windows 2003 server with a LAN-to-LAN against a Cisco ASA, so you would need to check 2 links or look in the MS Knowledge Base for the VPN setup of Windows 2003. I got you one link that shows the configuration on Windows 2000 though, hope it helps:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800b12b5.shtml

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080950890.shtml

Thank you for the links. I will try.
