Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA remote access vpn issues with setup


I'm trying to setup remote access vpn through a 5510, and I'm running in to issues, when connecting to the asa i can see with a tcp dump to the peer that the requests are going out but i dont get a reply. i had someone look at this issue and his wording was that it looks like the udp ports are being ignored by the asa, it might be that the remote access vpn config is not being put to use.

I have little knowledge with the remote access vpn.
Could someone help me out and maybe point me in the right direction with my configuration.

here is my config for the remote access vpn:

ip local pool DialUp-LMS mask 

object network DialUp-LMS


object network DialUp-LMS
nat (outside,LMS) dynamic interface


object network NETWORK_OBJ_192.168.115.0_24


access-list DialUp-LMS-vpn remark Allows traffic from VPN users in DialUp-LMS to reach the IP space on interface LMS.
access-list DialUp-LMS-vpn extended permit ip object DialUp-LMS object NETWORK_OBJ_192.168.115.0_24


group-policy DialUp-LMS internal
group-policy DialUp-LMS attributes
vpn-idle-timeout 30
vpn-session-timeout none
vpn-tunnel-protocol ikev1
password-storage enable
split-tunnel-policy tunnelspecified
split-tunnel-network-list value DialUp-LMS-vpn


tunnel-group DialUp-LMS type remote-access
tunnel-group DialUp-LMS general-attributes
address-pool DialUp-LMS
default-group-policy DialUp-LMS
tunnel-group DialUp-LMS ipsec-attributes
ikev1 pre-shared-key yMfNdWT8uataBW6QE


username martijn-test password X8Lu4dK5CvfDiP7m encrypted
username martijn-test attributes
service-type remote-access


username martijn-test passwordhBfstanuLhn9yr93t
username martijn-test attributes
service-type remote-access


crypto ikev1 enable LMS


access-list outside_access_in extended permit udp any host eq isakmp


access-list LMS_access_in extended permit udp any object NETWORK_OBJ_192.168.115.0_24 eq isakmp


crypto ikev1 policy 5
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 7
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400


Building configuration...
ikev1 policy 120 is superceded by identical policy 5
ikev1 policy 90 is superceded by identical policy 7
Cryptochecksum: b37697ce 449e4fa6 857de1c3 98606dd0