Newbie Remote Access VPN L2TP over IPSec

daveherrmann · ‎03-27-2010

Hi - I'm a total newb so please bear with me.

I am working with the Cisco ASA 5505 Ver 7.2(2)

There are 3 additional ASA 5505's tied into the on ein question via Site-to-site VPN, this works great.

I would like to give remote users access.

I have been able to give some home users access via PTPP using Security Policies on the ASA along with VPN services of a Windows Server.

I would like to give remote users access with out resorting to the use of the Windows VPN Server.

What I am trying to do an have not been successful at is configuring Remote Access VPN via L2Tp over IPSec purely using the ASA (no windows VPN server).

I am using Windows XP Pro VPN CLient and Mac OS X 10.6.2 Clients

If some one could please look over my config file and let me know what noob things I'm doing, I would be forever appreciative

Thanks,
Dave

Jennifer Halim · ‎03-27-2010

Which phase is it failing? Phase 1 or Phase 2? Can you share the debug output please?

Also, can you try the following:

crypto ipsec transform-set TRANS_ESP_3DES_MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set TRANS_ESP_3DES_MD5 mode transport
crypto dynamic-map outside_dyn_map 10 set transform-set TRANS_ESP_3DES_MD5

daveherrmann · ‎03-29-2010

Thanks for the suggestion I added the lines to the config and it didn't help.

I have attached the debug log.

Thanks Again!

Dave

Jennifer Halim · ‎03-30-2010

There are no debug output for the L2TP over IPSec connection.

Can you please turn on the following debugs:

- debug cry isa

- debug cry ipsec

And test the connection, and obtain the debug outputs.

If you are telnet or ssh to the ASA, you might want to enable "logging monitor 7" and "term mon" so you can see and capture the debug output.