I recently installed an ASA to replace an ailing PIX, and everything seems to be working well. Now we are looking at migrating remote VPN and eventually LAN-to-LAN traffic over to the ASA, due to the looming EOL on our VPN Concentrator.
I used the ASDM wizard to configure remote access VPN on the ASA, authenticating to Windows IAS. When attempting to connect with the Cisco VPN Client (version 4.0), I can see the authentication is successful on the IAS server, but the client says authentication failed. In reviewing my config from the CLI, I noticed that I'm missing the line "sysopt connection permit-ipsec". I suspect this is causing my failed authentication, as the ASA is rejecting IPSEC traffic.
I attempted to add the line in the CLI, and it doesn't give me any errors, but it still does not appear when I do a "show run".
The ASA is running version 7.0(6), and I was unable to find any reference to this in the release notes for any of the later versions.
"sysopt connection permit-vpn" or "sysopt connection permit-ipsec" have nothing to do with actually connecting a remote or site2site VPN. This command doesn't matter until the tunnel is established. Without this command, you need ACL entries on your inbound ACL to allow access to the internal network over a VPN tunnel. With this command, VPN connections are *not* subject to ACL checks.
Post your config though and we can troubleshoot further. Also, you might want to upgrade your vpn client from 4.0.
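The two behaviours described in the reply above, as an added configuration sketch that is not part of either post or of the poster's device. The ACL name `OUTSIDE_IN`, the VPN client pool 10.99.0.0/24, the inside network 192.168.1.0/24 and the permitted port are constructed for illustration.

```cisco
! Constructed values: ACL name OUTSIDE_IN, VPN pool 10.99.0.0/24,
! inside LAN 192.168.1.0/24. None come from the poster's configuration.

! Privileged EXEC: commands left at their default value are hidden from
! "show running-config"; the "all" keyword lists them as well.
show running-config all sysopt

! --- Option A (global config): bypass enabled ---
! Decrypted tunnel traffic skips the interface ACL check.
! 7.0 syntax; later releases name the command "permit-vpn".
sysopt connection permit-ipsec

! --- Option B (global config): bypass disabled ---
! Decrypted tunnel traffic is now checked against the ACL applied inbound
! on the outside interface, so each permitted flow needs an explicit entry.
no sysopt connection permit-ipsec
access-list OUTSIDE_IN extended permit tcp 10.99.0.0 255.255.255.0 192.168.1.0 255.255.255.0 eq 3389
access-group OUTSIDE_IN in interface outside
```

Option B gives least-privilege control over what VPN users can reach, at the cost of maintaining the ACL entries by hand.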