Cisco Support Community

IPsec tunnel problem

Hello!

I'm configuring an L2TP/IPsec tunnel for remote access between Windows 8 and a Cisco ASA 5505 (version 8.2).

IKE Phase 1 and 2 complete successfully, but after 30 seconds the channel goes down with the following error:


%ASA-5-713050: Connection terminated for peer IP_address. Reason: 
termination reason Remote Proxy IP_address, Local Proxy IP_address

 

Could you please help me to solve this?

access-list outside_cryptomap_65535.1 extended permit ip any any
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_1 any any

access-list outside_nat0_outbound extended permit ip object-group user 192.168.24.0 255.255.255.0

ip local pool ipsecpool 192.168.24.10-192.168.24.100 mask 255.255.255.0

global (outside) 1 interface
nat (inside) 1 192.168.23.0 255.255.255.0
nat (outside) 0 access-list outside_nat0_outbound
nat (senseg-guest) 1 172.20.0.0 255.255.255.0
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 185.11.209.137 1
route outside 0.0.0.0 0.0.0.0 192.168.24.1 tunneled

crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map outside_dyn_map 1 set transform-set ESP-AES256-SHA1-TRANS ESP-AES128-SHA1-TRANS ESP-AES-256-SHA
crypto dynamic-map outside_dyn_map0 1 match address outside_cryptomap_65535.1
crypto dynamic-map outside_dyn_map0 1 set transform-set ESP-AES128-SHA1-TRANS ESP-AES256-SHA1-TRANS ESP-AES256-SHA1
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map0
crypto map outside_map interface outside

group-policy DefaultRAGroup attributes
 vpn-tunnel-protocol l2tp-ipsec

tunnel-group DefaultRAGroup general-attributes
 address-pool ipsecpool
 default-group-policy l2tp_ipsec
tunnel-group DefaultRAGroup ipsec-attributes
 pre-shared-key *****
tunnel-group DefaultRAGroup ppp-attributes
 no authentication chap
 no authentication ms-chap-v1
 authentication ms-chap-v2
tunnel-group DefaultWEBVPNGroup ppp-attributes
 no authentication chap
 no authentication ms-chap-v1
 authentication ms-chap-v2

 

 

1 REPLY
Do you have one established tunnel between the client IP and the VPN server IP at the moment? If not, try the command set nat demux for IPsec.
