Cisco Support Community

New Member

ASA 8.0(4) and Vista L2TP


Please tell me, what must I do so that my VPN between ASA and Vista works?

Win XP works well, but Vista with the same settings on the PC side does not work.

My config:

crypto ipsec transform-set vista esp-des esp-md5-hmac

crypto ipsec transform-set vista mode transport

crypto dynamic-map l2tp-dyna 20 set transform-set vista

crypto map l2tp-map 20 ipsec-isakmp dynamic l2tp-dyna

crypto map l2tp-map interface inside

crypto isakmp enable inside

crypto isakmp policy 5

authentication pre-share

encryption 3des

hash md5

group 2

lifetime 86400

crypto isakmp nat-traversal 30

group-policy l2tptest internal

group-policy l2tptest attributes

dns-server value

vpn-tunnel-protocol IPSec l2tp-ipsec

username vista password vista nt-encrypted

username employee attributes

vpn-group-policy l2tptest

tunnel-group DefaultRAGroup general-attributes

address-pool pptp-pool

authentication-server-group (inside) LOCAL

default-group-policy l2tptest

tunnel-group DefaultRAGroup ipsec-attributes

pre-shared-key vista

peer-id-validate nocheck

tunnel-group DefaultRAGroup ppp-attributes

no authentication chap

authentication ms-chap-v2

And the logs are attached.

New Member

Re: ASA 8.0(4) and Vista L2TP

I have a new problem: I think that phase 1 is done, but phase 2 is not.

I think that it was an isakmp policy. I added some policies and phase 1 is done.

And when I enter the command:

sho crypto isakmp sa

ASA5550-sec(config)# sho crypto isakmp sa

Active SA: 1

Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)

Total IKE SA: 1

1 IKE Peer:

Type : user Role : responder

Rekey : no State : MM_ACTIVE

But when I enter the command:

ASA5550-sec(config)# sho crypto ipsec sa

There are no ipsec sas

What is the problem?

And the last thing I see in the log is:

%ASA-5-713068: Group = DefaultRAGroup, IP =, Received non-routine Notify message: Invalid ID info (18)

What does it mean?

The log is attached.

In the config in the first post there is a mistake. I am using policy-group l2tpipsec.
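
A triage sketch for the symptoms in the post above, added here as an example and not part of the original thread or of any Cisco tool: it reads the `show crypto isakmp sa` output, the `show crypto ipsec sa` output and the 713068 syslog line, reports which IKE phase failed, and names the notify code per RFC 2408. The function name `triage` and the sample strings (copied from the post, IP left blank as posted) are constructed for illustration.

```python
import re

# Constructed sample input: the command output and syslog line quoted in the post above.
ISAKMP_SA = """Active SA: 1
Total IKE SA: 1
1 IKE Peer:
Type : user Role : responder
Rekey : no State : MM_ACTIVE
"""
IPSEC_SA = "There are no ipsec sas\n"
SYSLOG = ("%ASA-5-713068: Group = DefaultRAGroup, IP =, Received non-routine "
          "Notify message: Invalid ID info (18)\n")

# ISAKMP notify error types, RFC 2408 section 3.14.1 (subset).
NOTIFY = {12: "INVALID-TRANSFORM-ID", 14: "NO-PROPOSAL-CHOSEN",
          18: "INVALID-ID-INFORMATION", 23: "INVALID-HASH-INFORMATION",
          24: "AUTHENTICATION-FAILED"}
NOTIFY_RE = re.compile(r"%ASA-\d-713068: Group = ([^,]*), IP =([^,]*), "
                       r"Received non-routine Notify message: .*\((\d+)\)")

def triage(isakmp_sa, ipsec_sa, syslog):
    """Classify how far the tunnel got from the three text captures."""
    states = re.findall(r"State\s*:\s*(\S+)", isakmp_sa)
    # MM_ACTIVE / AM_ACTIVE: main or aggressive mode phase 1 completed.
    phase1_up = any(s in ("MM_ACTIVE", "AM_ACTIVE") for s in states)
    # Assumption: any output other than the "no ipsec sas" banner lists SAs.
    phase2_up = bool(ipsec_sa.strip()) and "no ipsec sas" not in ipsec_sa.lower()
    notifies = []
    for group, ip, code in NOTIFY_RE.findall(syslog):
        code = int(code)
        # "Received" in the log line means the peer sent this notify to the ASA.
        notifies.append({"group": group.strip(), "peer_ip": ip.strip() or None,
                         "code": code, "name": NOTIFY.get(code, "UNKNOWN")})
    if not phase1_up:
        stage = "phase1-failed"      # look at ISAKMP policy / pre-shared key
    elif not phase2_up:
        stage = "phase2-failed"      # look at quick mode: transform set, IDs
    else:
        stage = "established"
    return {"stage": stage, "phase1_states": states, "notifies": notifies}

if __name__ == "__main__":
    result = triage(ISAKMP_SA, IPSEC_SA, SYSLOG)
    print(result["stage"])
    for n in result["notifies"]:
        print(f"peer notify {n['code']} {n['name']} in group {n['group']}")
```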