VPN Clients Cisco & Windows

Unanswered Question
May 21st, 2009
User Badges:

Hi

I cant get windows l2tp client to connect.

I would like to allow Cisco VPN client & Windows L2tp vpn connections to tha ASA5505. I can connect ok using the cisco vpn client (4.8) to both groups the cisco_clients and the defaultRAGroup, but whatever I do I cant use the windows client I get error 800 most of the time. I ran dubug on the ASA and it appears phase 1 is ok but on the xp client running wireshark I can see the pptp packets then isakmp packets then almost imediately the pc errors.

I have gone over the config numerous times but cant see what is wrong. I flattened the ASA and configured it from scratch but still I could not connect. I have tried multiple xp clients without cisco client installed tried the ProhibitIpsec key all to no avail.

2nd Part of question according to the docs I have to use the DefaultRAgroup etc if I want two group using l2tp does that mean I cant do that, ideally I want multiple l2tp clients one group allowed to access all devices the other to have access to specific hosts on the dmz. Using the Cisco vpn client essentially I have acomplished this but not sure about l2tp clients.

Should I have the strip realm & group enabled

Getting the clients able to connect would be a start in the right direction

p.s I used the following doc although I am not using radius

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807213a7.shtml


Any help gratefully received



Attachment: 
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Communications Mon, 05/25/2009 - 07:52
User Badges:

I found the problen which was pfs turning it off I can connect using l2tp ok.

If i want a two sets of clients to be able to connect using cisco client, lt2p and or webvpn inside access,the other just access to the dmz is that possible?

Currently I use the nat to allow one pool access to all hosts the other restricted just to the dmz.

The l2tp seems to use defaultRAgroup, the Webvpn only the default webvpn group, I am not clear how this should work

Actions

This Discussion