03-27-2010 06:56 PM - edited 02-21-2020 04:34 PM
Hi - I'm a total newb so please bear with me.
I am working with the Cisco ASA 5505 Ver 7.2(2)
There are 3 additional ASA 5505's tied into the on ein question via Site-to-site VPN, this works great.
I would like to give remote users access.
I have been able to give some home users access via PTPP using Security Policies on the ASA along with VPN services of a Windows Server.
I would like to give remote users access with out resorting to the use of the Windows VPN Server.
What I am trying to do an have not been successful at is configuring Remote Access VPN via L2Tp over IPSec purely using the ASA (no windows VPN server).
I am using Windows XP Pro VPN CLient and Mac OS X 10.6.2 Clients
If some one could please look over my config file and let me know what noob things I'm doing, I would be forever appreciative
Thanks,
Dave
03-27-2010 07:59 PM
Which phase is it failing? Phase 1 or Phase 2? Can you share the debug output please?
Also, can you try the following:
crypto ipsec transform-set TRANS_ESP_3DES_MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set TRANS_ESP_3DES_MD5 mode transport
crypto dynamic-map outside_dyn_map 10 set transform-set TRANS_ESP_3DES_MD5
03-29-2010 06:23 AM
Thanks for the suggestion I added the lines to the config and it didn't help.
I have attached the debug log.
Thanks Again!
Dave
03-30-2010 12:38 AM
There are no debug output for the L2TP over IPSec connection.
Can you please turn on the following debugs:
- debug cry isa
- debug cry ipsec
And test the connection, and obtain the debug outputs.
If you are telnet or ssh to the ASA, you might want to enable "logging monitor 7" and "term mon" so you can see and capture the debug output.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide