Newbie Remote Access VPN L2TP over IPSec

Unanswered Question
Mar 27th, 2010

Hi - I'm a total newb so please bear with me.

I am working with the Cisco ASA 5505 Ver 7.2(2)

There are 3 additional ASA 5505s tied into the one in question via site-to-site VPN; this works great.

I would like to give remote users access.

I have been able to give some home users access via PPTP using Security Policies on the ASA along with VPN services of a Windows Server.

I would like to give remote users access without resorting to the use of the Windows VPN Server.

What I am trying to do and have not been successful at is configuring Remote Access VPN via L2TP over IPSec purely using the ASA (no Windows VPN server).

I am using the Windows XP Pro VPN Client and Mac OS X 10.6.2 clients.

If someone could please look over my config file and let me know what noob things I'm doing, I would be forever appreciative.


Jennifer Halim (Cisco Employee) Sat, 03/27/2010 - 19:59

Which phase is it failing? Phase 1 or Phase 2? Can you share the debug output please?

Also, can you try the following:

crypto ipsec transform-set TRANS_ESP_3DES_MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set TRANS_ESP_3DES_MD5 mode transport
crypto dynamic-map outside_dyn_map 10 set transform-set TRANS_ESP_3DES_MD5

daveherrmann Mon, 03/29/2010 - 06:23

Thanks for the suggestion. I added the lines to the config and it didn't help.

I have attached the debug log.

Thanks Again!


Jennifer Halim (Cisco Employee) Tue, 03/30/2010 - 00:38

There is no debug output for the L2TP over IPSec connection.

Can you please turn on the following debugs:

- debug cry isa

- debug cry ipsec

Then test the connection and obtain the debug outputs.

If you are connected to the ASA via telnet or ssh, you might want to enable "logging monitor 7" and "term mon" so you can see and capture the debug output.

