Cisco Support Community
New Member

ASA 5505 remote-vpn help

Out-of-the-box configuration. Changed the internal IP range, DHCP pool and ASDM config. Then I ran the VPN wizard to connect a VPN client. I can't establish a tunnel whatsoever. Find attached the config and the log.

Thank you in advance for your help

Niko

8 REPLIES
Gold

Re: ASA 5505 remote-vpn help

I pulled this off of a working config, 5505 7.2(3)

=====================================
ip local pool vpnpool 10.x.y.1-10.x.y.10 mask 255.255.255.0
crypto ipsec transform-set AES256_SHA esp-aes-256 esp-sha-hmac
crypto dynamic-map DYNAMICMAP 5 set transform-set AES256_SHA
crypto dynamic-map DYNAMICMAP 5 set security-association lifetime seconds 7200
crypto map CRYPTOMAP 5 ipsec-isakmp dynamic DYNAMICMAP
crypto map CRYPTOMAP interface outside
crypto isakmp enable outside
crypto isakmp policy 5
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto isakmp nat-traversal 20
group-policy GROUPPOLICYNAME internal
group-policy GROUPPOLICYNAME attributes
 dns-server value 10.x.y.z
 vpn-idle-timeout 120
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value splittunnel_acl
 default-domain value domain.org
 split-dns value domain.org
tunnel-group VPNGROUPNAME type ipsec-ra
tunnel-group VPNGROUPNAME general-attributes
 address-pool vpnpool
 default-group-policy GROUPPOLICYNAME
tunnel-group VPNGROUPNAME ipsec-attributes
 pre-shared-key *
 isakmp ikev1-user-authentication none
============================================

the very last line disables xauth...

New Member

Re: ASA 5505 remote-vpn help

Thanks for your quick response. I've tried to disable xauth already but no luck.

Gold

Re: ASA 5505 remote-vpn help

based on your configuration, you have to set the group name (in the cisco vpn client) to 10.0.0.0

is that really what you want?

you also don't have nat-t enabled, which might be causing issues.

if you don't want xauth, just add that last line under the tunnel-group ipsec attributes.
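The points raised in the reply above (tunnel-group name, NAT-T, xauth) can be checked mechanically before a client is connected. The Python below is an added example, not code from the thread: `audit_ra_vpn` and the sample config are constructed here, and it assumes sub-commands are indented as in `show running-config` output.

```python
import re

# Constructed sample config (not the poster's attachment), indented like `show running-config`.
SAMPLE = """\
ip local pool vpnpool 10.1.1.1-10.1.1.10 mask 255.255.255.0
crypto isakmp enable outside
group-policy GROUPPOLICYNAME internal
tunnel-group 10.0.0.0 type ipsec-ra
tunnel-group 10.0.0.0 general-attributes
 address-pool missingpool
 default-group-policy GROUPPOLICYNAME
tunnel-group 10.0.0.0 ipsec-attributes
 pre-shared-key *
 isakmp ikev1-user-authentication none
"""

def audit_ra_vpn(config):
    """Return findings for the IPsec remote-access VPN part of an ASA config."""
    pools, policies, groups, section = set(), set(), {}, ""
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            section = line  # a top-level command opens a new section
        if m := re.match(r"ip local pool (\S+)", line):
            pools.add(m.group(1))
        elif m := re.match(r"group-policy (\S+) internal", line):
            policies.add(m.group(1))
        elif m := re.match(r"tunnel-group (\S+) type ipsec-ra", line):
            groups[m.group(1)] = {}
        elif raw.startswith(" ") and (m := re.match(r"tunnel-group (\S+) ", section)):
            if m.group(1) in groups:  # only remote-access groups are audited
                key, _, value = line.partition(" ")
                groups[m.group(1)][key] = value
    findings = []
    if not re.search(r"^crypto isakmp enable \S+", config, re.M):
        findings.append("ISAKMP not enabled on any interface")
    if not re.search(r"^crypto isakmp nat-traversal", config, re.M):
        findings.append("NAT-T not enabled")
    for name, attrs in groups.items():
        if re.fullmatch(r"\d+(\.\d+){3}", name):
            findings.append(f"{name}: group name is an IP address")
        if attrs.get("address-pool") not in pools:
            findings.append(f"{name}: address-pool missing or undefined")
        if attrs.get("default-group-policy") not in policies:
            findings.append(f"{name}: default-group-policy missing or undefined")
        if attrs.get("isakmp") == "ikev1-user-authentication none":
            findings.append(f"{name}: xauth disabled, group PSK is the only credential")
    return findings
```

With xauth disabled, anyone holding the group name and pre-shared key can bring up a tunnel, so that finding is a risk to accept knowingly, not a misconfiguration.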

Re: ASA 5505 remote-vpn help

Hi Niko

The attached config is a mess. Attach the config you made after analyzing srue's sample RA-VPN config.

Regards

New Member

Re: ASA 5505 remote-vpn help

Thanks for your quick response. I've tried to disable xauth already but no luck.

Re: ASA 5505 remote-vpn help

Niko

Assuming that this is a start from scratch (you are newly configuring this device) and this config is messy (webvpn policy etc.), I suggest you load factory defaults, change your LAN IP and subnet, then follow this step-by-step guide to configure the VPN:

http://www.petenetlive.com/Tech/Firewalls/Cisco/c2svpn.htm

New Member

Re: ASA 5505 remote-vpn help

I'll give it a try.

thx

New Member

Re: ASA 5505 remote-vpn help
