Cisco Support Community

ASA remote access vpn issues with setup

Hi,

I'm trying to set up remote access VPN through a 5510, and I'm running into issues. When connecting to the ASA, I can see with a tcpdump to the peer that the requests are going out, but I don't get a reply. I had someone look at this issue, and his wording was that it looks like the UDP ports are being ignored by the ASA; it might be that the remote access VPN config is not being put to use.

I have little knowledge of remote access VPN.
Could someone help me out and maybe point me in the right direction with my configuration?

Here is my config for the remote access VPN:

ip local pool DialUp-LMS 172.31.254.5-172.31.254.254 mask 255.255.255.0

object network DialUp-LMS
 subnet 172.31.254.0 255.255.255.0

object network DialUp-LMS
 nat (outside,LMS) dynamic interface

object network NETWORK_OBJ_192.168.115.0_24
 subnet 192.168.115.0 255.255.255.0

access-list DialUp-LMS-vpn remark Allows traffic from VPN users in DialUp-LMS to reach the IP space on interface LMS.
access-list DialUp-LMS-vpn extended permit ip object DialUp-LMS object NETWORK_OBJ_192.168.115.0_24

group-policy DialUp-LMS internal
group-policy DialUp-LMS attributes
 vpn-idle-timeout 30
 vpn-session-timeout none
 vpn-tunnel-protocol ikev1
 password-storage enable
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value DialUp-LMS-vpn

tunnel-group DialUp-LMS type remote-access
tunnel-group DialUp-LMS general-attributes
 address-pool DialUp-LMS
 default-group-policy DialUp-LMS
tunnel-group DialUp-LMS ipsec-attributes
 ikev1 pre-shared-key yMfNdWT8uataBW6QE

username martijn-test password X8Lu4dK5CvfDiP7m encrypted
username martijn-test attributes
 service-type remote-access

username martijn-test passwordhBfstanuLhn9yr93t
username martijn-test attributes
 service-type remote-access

crypto ikev1 enable LMS

access-list outside_access_in extended permit udp any host 1.1.12.226 eq isakmp

access-list LMS_access_in extended permit udp any object NETWORK_OBJ_192.168.115.0_24 eq isakmp

crypto ikev1 policy 5
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 7
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400

ASA-SYSCLOUD# wr
Building configuration...
ikev1 policy 120 is superceded by identical policy 5
ikev1 policy 90 is superceded by identical policy 7
Cryptochecksum: b37697ce 449e4fa6 857de1c3 98606dd0

 
