11-05-2010 10:17 AM - edited 02-21-2020 04:57 PM
Hi,
i set up remote access VPN connection from windows server 2003 against ASA 5520 using a pre-shared key. I used a L2TP over IPSec method. This work fine, when i use a md5 authentication, but as i found Windows 2003 is not working with SHA authentication.
But when i use a Microsoft Windows7 client to conect to ASA it is not working aganst md5. In ASA logs is statement "All SA proposals found unacceptable". I found that is a problem with authentication but changing to SHA is not working too.
Have someone idea how to configure ASA and Microsoft windows 7 client together?
Win7 client was configured like this:
data encryption-->Require encryption
Allow these protocols-->Microsoft CHAP version 2
I attached my config with SHA.
Many Thanks.
Lubo.
11-06-2010 04:32 PM
Try to configure more than 1 isakmp policy as follows:
crypto isakmp policy 20
authentication pre-share
encryption 3des
hash md5
group 1
lifetime 86400
crypto isakmp policy 30
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 40
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
If it still doesn't work, please kindly run "debug cry isa" and "debug cry ipsec" and gather the output to see where it's failing. Thanks.
11-09-2010 10:37 AM
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: