Site-to-site VPN and remote access VPN

Apr 30th, 2009

Hi,

I am facing trouble configuring remote access VPN on a Cisco ASA 5510 on a dynamic IP, and a site-to-site VPN configuration with a SonicWall NSA 240 running on a static IP.

The following is the configuration I have made for remote access VPN:

User Access Verification

Type help or '?' for a list of available commands.
ajmfw> en
Password: ********
ajmfw# show run
: Saved

ASA Version 7.0(8)

hostname ajmfw
domain-name pix.ajm.local
enable password rRiL7GeK5Rz8u8fp encrypted
passwd 2KFQnbNIdI.2KYOU encrypted

interface Ethernet0/0
 nameif outside
 security-level 0
 ip address

interface Ethernet0/1
 nameif inside
 security-level 100
 ip address

interface Ethernet0/2
 no nameif
 no security-level
 no ip address

interface Ethernet0/3
 no nameif
 no security-level
 no ip address

interface Management0/0
 nameif management
 security-level 100
 ip address

ftp mode passive
clock timezone GST 4
object-group service rdp tcp
 port-object range 3389 3389
access-list inside_nat0_outbound extended permit ip
access-list ajmmobile_splitTunnelAcl standard permit
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
ip local pool ajmpool mask
no failover
asdm image disk0:/asdm-508.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1
route outside 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
group-policy ajmmobile internal
group-policy ajmmobile attributes
 wins-server value
 dns-server value
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value ajmmobile_splitTunnelAcl
 default-domain value ajmdubai.local

username admin password f3UhLvUj1QsXsuK7 encrypted privilege 15
username youmna password aCnHruhwBOyHXsvR encrypted
username netcare password m9piWoZJb5Cm5Vy1 encrypted privilege 0
username netcare attributes
 vpn-group-policy ajmmobile

http server enable
http inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 20 set security-association lifetime seconds 28800
crypto dynamic-map outside_dyn_map 20 set security-association lifetime kilobytes 4608000
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
isakmp nat-traversal 20
tunnel-group ajmmobile type ipsec-ra
tunnel-group ajmmobile general-attributes
 address-pool ajmpool
 default-group-policy ajmmobile
tunnel-group ajmmobile ipsec-attributes
 pre-shared-key *
telnet inside
telnet timeout 5
ssh timeout 5
console timeout 0
management-access inside
dhcpd dns
dhcpd lease 3600
dhcpd ping_timeout 50

class-map inspection_default
 match default-inspection-traffic

policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp

Please respond ASAP.

mirzaakberali Sun, 05/03/2009 - 00:01

Dear Andrew,

Right now I have just configured remote access VPN, and when I try to connect I get the following debug messages on the Cisco ASA 5510 and the VPN doesn't connect.

error could not remove entry from peer table no match

Please respond.


thotsaphon Sun, 05/03/2009 - 12:54


What happens when we add this command?

crypto isakmp enable outside



mirzaakberali Mon, 05/04/2009 - 00:23

Yes, I have configured it as per the examples listed there, but it still doesn't connect and shows the error on the ASA which I have posted below:

error could not remove entry from peer table no match

mirzaakberali Tue, 05/05/2009 - 04:37

Hi all,

One thing I have found is that even outbound VPN connections are not passing through the ASA 5510. There is something in the firewall which is blocking both inbound and outbound VPN connections.

ASA ver 7.0(8)

Please respond ASAP, as it is very urgent.

mirzaakberali Tue, 05/05/2009 - 22:29

Hi all,

Now I am getting a new error message on the ASA when I do debug crypto isakmp and ipsec and try to connect to remote access VPN from the Cisco VPN client.

The error is:

received invalid cookie message for non-existent sa

Please help me. It's very critical now. The VPN has to be working.

mirzaakberali Thu, 05/07/2009 - 06:12

Hi Andrew,

I have configured it as per the configuration guides from the Cisco site, but my VPN is still not working.

Please respond to me ASAP.

It is getting very critical. It is a crisis for me; I have to solve it.

mirzaakberali Sun, 05/10/2009 - 03:53

Hi Andrew,

I have added this command but still no luck. I have upgraded the IOS to 8.0(4) and ASDM to 6.21, and I still get the same error:

error unable to remove peer from peer table entry group=ajmmobile no match

Please respond ASAP.

Also, if you can guide me on how to set up SSL VPN on this, which should allow full network access like MAPI Exchange server access, that will be beneficial.

Eagerly waiting for your email.



