ASA 5505 as EZVPN Remote, cannot establish tunnel, all other clients OK.
I recently picked up a new ASA 5505 to use in a new remote office and I'm having a terrible time getting it to connect via EZVPN to my 2811 ISR. This is my first ASA, although I have worked with PIX in the past. I have several remote 850-series routers and several Cisco VPN Client Windows clients that have no trouble connecting.
The ASA 5505 came with OS 8.2.1 and during the troubleshooting I have upgraded it to 8.4.1, and ASDM to 6.4. All I have done is configure the inside interface subnet and DHCP and set up the EZVPN client. There are no other customizations. I enabled crypto debug vpnclient to see what's going on. What happens is that it tries to establish the tunnel and does contact the 2811 headend, but it gets to the point where it prints the preshared key, hangs for a few seconds, then tears down the config and starts over.
Any thoughts? Like I said, I have IOS EZVPN clients and software clients using this same VPN headend and group and they all connect just fine. It's just the ASA that has a problem. I can disconnect the ASA, plug in a laptop in its place and connect to the headend router using Cisco VPN Client without any problems.
Re: ASA 5505 as EZVPN Remote, cannot establish tunnel, all other
Thanks for the hints. I'll have to set up the equipment again and capture the logs in a bit. I disconnected everything last night when a thunderstorm came through since we don't have any power protection yet. Is there an easy way to sanitize logs prior to posting?