Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA5505 Remote Access VPN

I have an ASA5505. For some reason, I can;t get remote access VPN to work! I keep getting an error with reason 412 on my Cisco VPN client. Everything *seems* to be right, but then again, I'm using the ASDM to work on this and it wasn't exactly helpful with the access-lists. Can someone take a look and tell me if this config looks right to you? Right now, I'm just trying to get a connection to establish. THEN I'll worry about split-tunneling and access to resources, etc. I already have a pair of site-to-site VPN tunnels running and working perfectly. It's the remote access that's gving me headaches. Thanks.

2 REPLIES
New Member

Re: ASA5505 Remote Access VPN

Okay, I realized a few stupid things I was doing in the client side. Please ignore a lot of this. However, I've now progressed to the point where it's saying "Negotiating security policies..." and then bombs out with "Reason 433: (Reason Not Specified by Peer)"

New Member

Re: ASA5505 Remote Access VPN

Command line all the way!

access-list nonat extended permit ip 10.0.2.0 255.255.255.0 10.0.3.0 255.255.255.0

access-list splittunnel extended permit ip 10.0.2.0 255.255.255.0 10.0.3.0 255.255.255.0

local pool Remote_Users 10.3.0.1-10.3.0.254

nat (inside) 0 access-list nonat

group-policy Remote_Users internal

group-policy Remote_Users attributes

dns-server value 10.0.2.252 66.151.0.25

wins-server 10.0.2.252

vpn-idle-timeout 20

split-tunnel-policy tunnelspecified

split-tunnel-network-list value splittunnel

username admin password usKBR9pR4f8aT7eY encrypted privilege 15

crypto ipsec transform-set Remote_Users esp-3des esp-md5-hmac

crypto dynamic-map dyn1 1 set transform-set Remote_Users

crypto map mymap 2 ipsec-isakmp dynamic dyn1

crypto map mymap interface outside

crypto isakmp enable outside

crypto isakmp policy 1

authentication pre-share

encryption 3des

hash md5

group 2

lifetime 86400

crypto isakmp nat-traversal 20

tunnel-group Remote_Users type ipsec-ra

tunnel-group Remote_Users general-attributes

address-pool Remote_Users

default-group-policy Remote_Users

tunnel-group Remote_Users ipsec-attributes

pre-shared-key *

278
Views
0
Helpful
2
Replies