Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

ipsec tunnel probem



Im configuring l2tp ipsec tunnel for remote access between windows 8 and a cisco asa 5505 (version 8.2)

 IKE Phase 1 and 2 are completed successfully, after 30 seconds channel goes down with the following error:

%ASA-5-713050: Connection terminated for peer IP_address. Reason: 
termination reason Remote Proxy IP_address, Local Proxy IP_address


Could you please help me to solve this?

access-list outside_cryptomap_65535.1 extended permit ip any any
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_1 any any

access-list outside_nat0_outbound extended permit ip object-group user

ip local pool ipsecpool mask

global (outside) 1 interface
nat (inside) 1
nat (outside) 0 access-list outside_nat0_outbound
nat (senseg-guest) 1
access-group outside_access_in in interface outside
route outside 1
route outside tunneled

crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map outside_dyn_map 1 set transform-set ESP-AES256-SHA1-TRANS ESP-AES128-SHA1-TRANS ESP-AES-256-SHA
crypto dynamic-map outside_dyn_map0 1 match address outside_cryptomap_65535.1
crypto dynamic-map outside_dyn_map0 1 set transform-set ESP-AES128-SHA1-TRANS ESP-AES256-SHA1-TRANS ESP-AES256-SHA1
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map0
crypto map outside_map interface outside

group-policy DefaultRAGroup attributes
 vpn-tunnel-protocol l2tp-ipsec

tunnel-group DefaultRAGroup general-attributes
 address-pool ipsecpool
 default-group-policy l2tp_ipsec
tunnel-group DefaultRAGroup ipsec-attributes
 pre-shared-key *****
tunnel-group DefaultRAGroup ppp-attributes
 no authentication chap
 no authentication ms-chap-v1
 authentication ms-chap-v2
tunnel-group DefaultWEBVPNGroup ppp-attributes
 no authentication chap
 no authentication ms-chap-v1
 authentication ms-chap-v2



New Member

You have got one established

You have got one established tunnel between Client IP - VPN Server IP at the moment? If no, try command set nat demux for IPSec

CreatePlease to create content