L2TP/IPSEC VPN to ASA

Hi,

I have configured my ASA, which is already set up for site-to-site VPNs and Client access VPN using the Cisco Client, for L2TP/IPSEC VPN access. However, I am unable to connect from a Windows client. Below is my config and I've attached a copy of the debug. Please could you help.

crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set CLIENT_ESP_3DES_MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set CLIENT_ESP_3DES_MD5 mode transport
crypto dynamic-map vpnmap_dynmap 40 set transform-set ESP-3DES-SHA
crypto dynamic-map vpnmap_dynmap 50 set transform-set CLIENT_ESP_3DES_MD5
crypto map vpnmap 65535 ipsec-isakmp dynamic vpnmap_dynmap
crypto map vpnmap interface outside2
crypto isakmp identity address
crypto isakmp enable outside2
crypto isakmp policy 5
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
crypto isakmp policy 10
 authentication pre-share
 encryption des
 hash md5
 group 1
 lifetime 86400
crypto isakmp policy 30
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 28800
crypto isakmp policy 40
 authentication pre-share
 encryption des
 hash md5
 group 2
 lifetime 86400
crypto isakmp policy 60
 authentication pre-share
 encryption 3des
 hash md5
 group 1
 lifetime 86400
crypto isakmp policy 80
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 65535
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp nat-traversal 30
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
 wins-server value X.X.X.X
tunnel-group DefaultRAGroup general-attributes
 authentication-server-group RADIUSAUTH
 default-group-policy DefaultRAGroup
 dhcp-server DHCP_SERVER
tunnel-group DefaultRAGroup ipsec-attributes
 pre-shared-key *
 isakmp ikev1-user-authentication (outside2) none
tunnel-group DefaultRAGroup ppp-attributes
 no authentication ms-chap-v1
 authentication ms-chap-v2

2 REPLIES

Re: L2TP/IPSEC VPN to ASA

What I suggest is to have a look at the following nice example that configures L2TP/IPsec on an ASA with a Windows PC. It will guide you step by step, and you can check it against your config as well.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807213a7.shtml

Good luck.

If helpful, rate.

Re: L2TP/IPSEC VPN to ASA

Having gone through the config, the only changes I made to my config were:

To add 'vpn-tunnel-protocol l2tp-ipsec' in group-policy DfltGrpPolicy attributes,

and to remove 'isakmp ikev1-user-authentication (outside2) none'. This now results in 'Tunnel Rejected: Conflicting protocols specified by tunnel-group and group-policy' in the debugs.
