I have a failing 1720 router that is the center-point to a vpn with two dynamic 1720 routers connecting to it. It also is supporting PPTP VPN connections but I am planning on replacing those with Cisco VPN Software clients.
My problem is with the two dynamic VPN's. I am unable to connect them to my newly configured ASA5505, because the commands have changed and I can no longer specify no-xauth with my pre-shared key. I need help.
When I enter my pre-shared key command it ends up in the tunnel-group DefaultRAGroup, which is fine, but my remote routers get stuck at XAUTH. I need xauth obviously for the remote VPN clients to work, and I want to ignore XAUTH for the two dynamic 1720 routers that use the preshared key.
I have attached the important part of the configs.
Re: Replacing 1720 with ASA5505, Dynamic VPN Issue
This sample configuration shows how to set up the remote access VPN connection between a Cisco VPN Client (4.x for Windows) and the PIX 500 Series Security Appliance 7.x. The remote VPN Client user autheticates against the Active Directory using a Microsoft Windows 2003 Internet Authentication Service (IAS) RADIUS server.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...