Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA 5510 and Windows Vista/7 VPN problems

Hi, I'm a programmer that's had to take over the sysadmin position (thank you economy) and our boss can't get access to the VPN with his new Windows 7 laptop. I've been banging my head trying to figure this out but I can't.

I think it gets past the phase 1 stuff, because windows stops the connection process when it hits "Authenticating username/password."

It works on our old XP systems and on OSX. It just doesn't seem to work on Windows 7.

Can anybody help? What do I have to add or change to get it to work?

Thanks so much in advance!

ciscoasa# sh run crypto

crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac

crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac

crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac

crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac

crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac

crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac

crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac

crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac

crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac

crypto ipsec ikev1 transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac

crypto ipsec ikev1 transform-set TRANS_ESP_3DES_SHA mode transport

crypto ipsec ikev1 transform-set TRANS_ESP_3DES_MD5 esp-3des esp-md5-hmac

crypto ipsec ikev1 transform-set TRANS_ESP_3DES_MD5 mode transport

crypto ipsec ikev1 transform-set TRANS_ESP_AES128_SHA esp-aes esp-sha-hmac

crypto ipsec ikev1 transform-set TRANS_ESP_AES128_SHA mode transport

crypto ipsec ikev1 transform-set TRANS_ESP_AES256_SHA esp-aes-256 esp-sha-hmac

crypto ipsec ikev1 transform-set TRANS_ESP_AES256_SHA mode transport

crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 1 set ikev1 transform-set TRANS_ESP_AES128_SHA TRANS_ESP_AES256_SHA TRANS_ESP_3DES_SHA

crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1

crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set TRANS_ESP_3DES_MD5 TRANS_ESP_AES128_SHA TRANS_ESP_AES256_SHA ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5

crypto map outside_map 1 match address outside_cryptomap

crypto map outside_map 1 set pfs group5

crypto map outside_map 1 set peer 11.22.33.44

crypto map outside_map 1 set ikev1 transform-set ESP-AES-192-SHA

crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP

crypto map outside_map interface outside

crypto ikev1 enable outside

crypto ikev1 policy 10

authentication pre-share

encryption 3des

hash sha

group 2

lifetime 86400

crypto ikev1 policy 30

authentication pre-share

encryption aes-256

hash sha

group 2

lifetime 86400

crypto ikev1 policy 65535

authentication pre-share

encryption 3des

hash sha

group 2

lifetime 86400

ciscoasa# sh run tunnel-group

tunnel-group DefaultRAGroup general-attributes

address-pool l2tp_iprange

default-group-policy DefaultRAGroup

tunnel-group DefaultRAGroup ipsec-attributes

ikev1 pre-shared-key *****

tunnel-group 11.22.33.44 type ipsec-l2l

tunnel-group 11.22.33.44 ipsec-attributes

ikev1 pre-shared-key *****

325
Views
0
Helpful
0
Replies