I would like to allow Cisco VPN client & Windows L2TP VPN connections to the ASA5505. I can connect OK using the Cisco VPN client (4.8) to both groups, the cisco_clients and the DefaultRAGroup, but whatever I do I can't use the Windows client; I get error 800 most of the time. I ran debug on the ASA and it appears phase 1 is OK, but on the XP client running Wireshark I can see the PPTP packets, then ISAKMP packets, then almost immediately the PC errors.
I have gone over the config numerous times but can't see what is wrong. I flattened the ASA and configured it from scratch but still I could not connect. I have tried multiple XP clients without the Cisco client installed and tried the ProhibitIpsec key, all to no avail.
Second part of the question: according to the docs I have to use the DefaultRAGroup etc. If I want two groups using L2TP, does that mean I can't do that? Ideally I want multiple L2TP clients, one group allowed to access all devices, the other to have access to specific hosts on the DMZ. Using the Cisco VPN client, essentially I have accomplished this, but I'm not sure about L2TP clients.
Should I have the strip realm & group enabled?
Getting the clients able to connect would be a start in the right direction.
P.S. I used the following doc, although I am not using RADIUS.