cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
258
Views
0
Helpful
2
Replies

Remote vpn issue please help...

Rohit Mangotra
Level 1
Level 1

Hi,

I am trying to connect vpn client (Win XP) and its works just fine. It is also communicating with radius server and internal network no issues in that. However, when using vpn client on Win 7 it does not connect. I can see from the debug in firewall that phase 2 is complete, but the client does not connect and I can see the error 809 in Win 7 (32 bit and 64 bit) clients. I would really appreciate if anyone can just guide me in right direction. Please see below the code that is working fine for XP.

 

 

nat (inside,outside) source static obj-172.16.0.0-nonat obj-172.16.0.0-nonat destination static obj-192.168.0.0-nonat obj-192.168.0.0-nonat no-proxy-arp route-lookup

aaa-server int-radius-group protocol radius

aaa-server int-radius-group (inside) host 172.16.5.100

key ***

radius-common-pw ***

 

crypto ipsec ikev1 transform-set RA-VPN-Set-3desmd5 esp-3des esp-md5-hmac

crypto ipsec ikev1 transform-set RA-VPN-Set-3desmd5 mode transport

crypto ipsec ikev1 transform-set RA-VPN-Set-aes128sha esp-aes esp-sha-hmac

crypto ipsec ikev1 transform-set RA-VPN-Set-aes128sha mode transport

crypto ipsec ikev1 transform-set RA-VPN-Set-aes256sha esp-aes-256 esp-sha-hmac

crypto ipsec ikev1 transform-set RA-VPN-Set-aes256sha mode transport

crypto ipsec ikev1 transform-set RA-VPN-Set-aes256md5 esp-aes-256 esp-md5-hmac

crypto ipsec ikev1 transform-set RA-VPN-Set-aes256md5 mode transport

crypto ipsec ikev1 transform-set RA-VPN-Set-dessha esp-des esp-sha-hmac

crypto ipsec ikev1 transform-set RA-VPN-Set-dessha mode transport

crypto ipsec ikev1 transform-set RA-VPN-Set-3dessha esp-3des esp-sha-hmac

crypto ipsec ikev1 transform-set RA-VPN-Set-3dessha mode transport

crypto ipsec ikev1 transform-set RA-VPN-Set-desmd5 esp-des esp-md5-hmac

crypto ipsec ikev1 transform-set RA-VPN-Set-desmd5 mode transport

crypto ipsec ikev1 transform-set RA-VPN-Set-aes192md5 esp-aes-192 esp-md5-hmac

crypto ipsec ikev1 transform-set RA-VPN-Set-aes192md5 mode transport

crypto ipsec ikev1 transform-set RA-VPN-Set-aes192sha esp-aes-192 esp-sha-hmac

crypto ipsec ikev1 transform-set RA-VPN-Set-aes192sha mode transport

crypto ipsec ikev1 transform-set RA-VPN-Set-aesmd5 esp-aes esp-md5-hmac

crypto ipsec ikev1 transform-set RA-VPN-Set-aesmd5 mode transport

 

crypto dynamic-map dyn-ra-vpn 65000 set ikev1 transform-set RA-VPN-Set-3desmd5 RA-VPN-Set-aes128sha RA-VPN-Set-aes256s-dessha RA-VPN-Set-3dessha RA-VPN-Set-desmd5 RA-VPN-Set-aes192md5 RA-VPN-Set-aes192sha RA-VPN-Set-aesmd5

crypto dynamic-map dyn-ra-vpn 65000 set reverse-route

 

crypto map ASA-VPN-SITE 65000 ipsec-isakmp dynamic dyn-ra-vpn

crypto map ASA-VPN-SITE interface outside

 

crypto ikev1 enable outside

 

crypto ikev1 policy 10

authentication pre-share

encryption 3des

hash md5

group 2

lifetime 86400

 

crypto ikev1 policy 20

authentication pre-share

encryption 3des

hash sha

group 2

lifetime 86400

 

crypto ikev1 policy 30

authentication pre-share

encryption aes-256

hash sha

group 2

lifetime 86400

 

crypto ikev1 policy 40

authentication pre-share

encryption aes-192

hash sha

group 2

lifetime 86400

 

crypto ikev1 policy 50

authentication pre-share

encryption aes

hash sha

group 2

lifetime 86400

 

crypto ikev1 policy 60

authentication pre-share

encryption des

hash sha

group 2

lifetime 86400

 

group-policy RA-VPN-GP internal

group-policy RA-VPN-GP attributes

dns-server value 172.16.5.31 172.16.5.32

vpn-tunnel-protocol ikev1 l2tp-ipsec

default-domain value mydomain.com

intercept-dhcp enable

client-firewall none

 

tunnel-group DefaultRAGroup general-attributes

address-pool ra-vpn-ippool

authentication-server-group int-radius-group

default-group-policy RA-VPN-GP

tunnel-group DefaultRAGroup ipsec-attributes

ikev1 pre-shared-key *****

tunnel-group DefaultRAGroup ppp-attributes

no authentication chap

authentication ms-chap-v2

 

Thanks & Regards

Rohit

1 Accepted Solution

Accepted Solutions

mvsheik123
Level 7
Level 7

Hi,

Can you check whether there are any configuration setting differences on client side from XP to win7?

Thx

MS

View solution in original post

2 Replies 2

mvsheik123
Level 7
Level 7

Hi,

Can you check whether there are any configuration setting differences on client side from XP to win7?

Thx

MS

Hi,

Yes you were right. There were some setting change on windows 7 compared to XP. Need to run some registry cleanup software before trying to connect.

Thanks & Regards

Rohit.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: