Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Error 412 whilst using ASA5520 for VPN


Hope somebody can help. I'm trying to use a new ASA 5520 to terminate my remote access VPN's. The remote clients use the cisco VPN client V5. I'm using the configuration below and testing using a laptop directly connected into the same VLAN as the outside interface. I can ping the outside interface, but when I try to connect using the client I get Error 412: Peer not responding. Debugging ISAKMP on the ASA shows no attempt to connect. The laptop will connect to our existing VPN without a problem.

Does anyone have any ideas that may help me out.

Many Thanks


interface GigabitEthernet0/0

nameif outside

security-level 0

ip address


interface GigabitEthernet0/1

nameif inside

security-level 100

ip address

passwd encrypted

boot system disk0:/asa722-k8.bin

ftp mode passive

dns server-group DefaultDNS


access-list 101 extended permit tcp any host *eq https

access-list 101 extended permit tcp any host * eq smtp

pager lines 24

logging enable

logging asdm informational

mtu outside 1500

mtu inside 1500

mtu dmz 1500

mtu management 1500

ip local pool pool


failover lan unit primary

failover lan interface failover GigabitEthernet0/3

failover key *****

failover link failover GigabitEthernet0/3

failover interface ip failover standby

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-522.bin

asdm history enable

arp timeout 14400


global (outside) 1 * netmask

nat (inside) 1 *

static (inside,outside) netmask

static (inside,outside) netmask

access-group 101 in interface outside

route outside * 1

route inside * * 1

group-policy csmavpn internal

group-policy csmavpn attributes

dns-server value *

vpn-tunnel-protocol IPSec

default-domain value *

client-firewall none

username testuser password * encrypted

service resetoutside

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

crypto dynamic-map Outside_dyn_map 1 set transform-set ESP-3DES-SHA

crypto dynamic-map Outside_dyn_map 1 set security-association lifetime seconds 288000

crypto map Outside_map 1 ipsec-isakmp dynamic Outside_dyn_map

crypto map Outside_map interface outside

crypto isakmp enable outside

crypto isakmp policy 1

authentication pre-share

encryption 3des

hash sha

group 2

lifetime 43200

crypto isakmp ipsec-over-tcp port 10000

tunnel-group vpn1 type ipsec-ra

tunnel-group vpn1 general-attributes

address-pool pool

tunnel-group vpn1 ipsec-attributes

pre-shared-key *

peer-id-validate nocheck

isakmp ikev1-user-authentication none

telnet * management

telnet timeout 5

ssh timeout 5

console timeout 0


class-map inspection_default

match default-inspection-traffic



policy-map type inspect dns migrated_dns_map_1


message-length maximum 512

policy-map global_policy

class inspection_default

inspect dns migrated_dns_map_1

inspect ftp

inspect h323 h225

inspect h323 ras

inspect rsh

inspect rtsp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect sip

inspect netbios

inspect tftp


service-policy global_policy global

ntp server * source dmz prefer

prompt hostname context

New Member

Re: Error 412 whilst using ASA5520 for VPN

We have the same Problem with VPN-Client V5. But the Version 4.8 ist OK.

The only difference between this two Versions is, that V4.8 uses Port 500 as Source Port and V5 uses Port 1501 as Source Port. Both Versions uses the same pcf-File.

I have captured the packets and this was the only difference in both Packets.

But I don't know, how I can fix this Problem.

Do you get a solution since your posting?


CreatePlease to create content