We have recently bought an ASA 5505, and I'm currently in the process of configuring it to support Windows L2TP VPN client connections. Unfortunately I just don't seem to be able to get this working. A big part of the problem is that ASA configuration is completely new to me. I've used the following Cisco documents to try and set this up:
However, I receive the following when trying to connect:
Error 789: The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the computer.
I have attempted debugging on the ASA, however I can't seem to get it to log the UDP 1701 or L2TP session data. If I create an outside dynamic IPSEC rule, the error changes to 'network busy'. This seems to suggest the client is successfully hitting the firewall and beginning negotiations. A show run displays the attached config:
I'd be really happy to hear from anybody who has experience of successfully configuring an ASA 5505 for use with L2TP, or anybody who has suggestions on a way forward (and possibly a little help).
The security appliance does not establish an L2TP/IPSec tunnel with Windows 2000 if either the Cisco VPN Client Version 3.x or the Cisco VPN 3000 Client Version 2.5 is installed. Disable the Cisco VPN Service for the Cisco VPN Client Version 3.x, or the ANetIKE Service for the Cisco VPN 3000 Client Version 2.5 from the Services panel in Windows 2000 (click Start>Programs>Administrative Tools>Services). Then restart the IPSec Policy Agent Service from the Services panel, and reboot the machine.
Step 1 Specify IPSec to use transport mode rather than tunnel mode with the mode keyword of the crypto ipsec transform-set command:
hostname(config)# crypto ipsec transform-set trans_name mode transport
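One way to check a saved show run against Step 1, as an added example that is not from the original post or the Cisco document: it lists, for each dynamic-map entry, which referenced transform sets have mode transport and which do not. The sample config and every name in it are constructed, and it is assumed that the config uses the `crypto ipsec transform-set` and `crypto dynamic-map ... set transform-set` line forms.

```python
import re

# Constructed sample in ASA "show run" style; all names are hypothetical.
SAMPLE_CONFIG = """\
crypto ipsec transform-set L2TP_SET esp-3des esp-sha-hmac
crypto ipsec transform-set L2TP_SET mode transport
crypto ipsec transform-set TUNNEL_SET esp-aes esp-sha-hmac
crypto dynamic-map DYN_MAP 10 set transform-set TUNNEL_SET L2TP_SET
crypto dynamic-map DYN_MAP 20 set transform-set TUNNEL_SET
crypto map OUTSIDE_MAP 65535 ipsec-isakmp dynamic DYN_MAP
crypto map OUTSIDE_MAP interface outside
"""

# The optional "ikev1" keyword covers the syntax of newer ASA releases.
TS_RE = re.compile(r"^crypto ipsec (?:ikev1 )?transform-set (\S+) (.+)$")
DYN_RE = re.compile(
    r"^crypto dynamic-map (\S+) (\d+) set (?:ikev1 )?transform-set (.+)$")


def audit(config):
    """Map each dynamic-map entry to (transport-mode sets, all other sets)."""
    transport, refs = set(), {}
    for line in map(str.strip, config.splitlines()):
        m = TS_RE.match(line)
        if m and m.group(2).split() == ["mode", "transport"]:
            transport.add(m.group(1))
        m = DYN_RE.match(line)
        if m:
            entry = f"{m.group(1)} {m.group(2)}"
            refs.setdefault(entry, []).extend(m.group(3).split())
    # Classify only after the whole config is read: the "mode transport"
    # line may appear after the dynamic-map line that references the set.
    return {e: ([n for n in names if n in transport],
                [n for n in names if n not in transport])
            for e, names in refs.items()}


def entries_without_transport(config):
    """Dynamic-map entries that offer no transport-mode transform set."""
    return sorted(e for e, (ok, _) in audit(config).items() if not ok)


if __name__ == "__main__":
    for entry, (ok, other) in audit(SAMPLE_CONFIG).items():
        print(f"{entry}: transport={ok} tunnel-or-undefined={other}")
    print("no transport-mode set:", entries_without_transport(SAMPLE_CONFIG))
```

A set that appears in the second list is either left in the default tunnel mode or referenced without being defined in the config that was read.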
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log in using the username and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...