Cisco Support Community

SSLVPN and IPSec VPN on ASA 5520 with 7.1(2)

Hi Mynul,

I have set up two ASA 5520s in an Active-Passive setup.

I have also configured the SSL VPN to work by providing the users with the SSL VPN Client for full network access.

I have also configured the IPSec VPN; however, I have an issue connecting through the IPSec VPN. When I try to connect, the IPSec VPN client always says that it can't connect to the Gateway. On the Gateway I can see that it is saying that it doesn't have the correct proposal.

Following is the IPSec configuration I have:

ip local pool RAVPN-Pool 192.168.100.1-192.168.100.254 mask 255.255.255.0

group-policy RAVPN internal

group-policy RAVPN attributes

dns-server value 192.168.200.11 192.168.200.12

vpn-tunnel-protocol IPSec

default-domain value xxx.xxx.xxx.xx

crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac

crypto dynamic-map DMZ0_dyn_map 20 set transform-set ESP-AES-256-SHA

crypto map DMZ0_map 65535 ipsec-isakmp dynamic DMZ0_dyn_map

crypto map DMZ0_map interface DMZ0

isakmp enable DMZ0

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption aes-256

isakmp policy 10 hash sha

isakmp policy 10 group 5

isakmp policy 10 lifetime 86400

tunnel-group RAVPN type ipsec-ra

tunnel-group RAVPN general-attributes

address-pool RAVPN-Pool

default-group-policy RAVPN

tunnel-group RAVPN ipsec-attributes

pre-shared-key *

I think there should be no problem having IPSec and SSL VPN/WebVPN work on the same ASA 5520 with ASA version 7.1(2).

Please kindly advise.

thanks,

Muljawan

1 REPLY

Re: SSLVPN and IPSec VPN on ASA 5520 with 7.1(2)

You should not have a problem running these two together. I have implemented both IPSEC and SSL VPN on the same VPN 3000 box. Just make sure you have enabled access for both IPSEC & Webvpn on the outside interface. By default, 2 webvpn sessions can be established on an ASA 5520. Over that, you might need to procure licenses.

Just to isolate the issue, you can disable webvpn and try to connect via IPSEC VPN and see if the parameters configured are correct.

Hope this helps. All the best...

rate replies if found useful

Raj
