Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

L2TP/IPSec Error 720

Dear All,

I am trying to establish L2TP/IPSec VPN using ASA 8.4(2) and Windows 7 (64-bit) but getting error 720 while trying to connect from windows 7 pc.

Kindly find the attached configuration and error snap shot.

9 REPLIES
New Member

L2TP/IPSec Error 720

Dear All,

Kindly advice, what could be the root cause ?

Thanks for your support.

New Member

Re: L2TP/IPSec Error 720

Hi,

1. ASAs configuration looks correct, but I don't understand why you use a DHCP server if you indicate VPN pool.

tunnel-group DefaultRAGroup general-attributes

address-pool VPN

default-group-policy DefaultRAGroup

dhcp-server 10.10.1.6

2. Verify that the addresses of VPN pool don't overlap with the local address of your computer.

3. Maybe the cause is in the Windows 7. Check it out.

Rebuild the TCP/IP stack by opening an command prompt and entering the following command:

netsh int ip reset >> ResetIP.log

Next restart the computer and try again establish L2TP connectin.

________________

Best regards,
MB

________________ Best regards, MB
New Member

Re: L2TP/IPSec Error 720

Hi ,

Yes dhcp was unnecessary and there is no overlap between VPN pool and local network.

I tried point # 3 as well but no luck , same error is appearing.

Regards,

MS

L2TP/IPSec Error 720

Usually debugging is used in these kind of situations.

Do the

debug crypto ikev1

debug crypto ipsec

and see what's happenning when you're trying to establish connection.

Plus, though it's not critical, I wouldn't rely on the default tunnel-group/group-policy configurations. It's allwas better to create some new, and tune them.

Bronze

Re: L2TP/IPSec Error 720

get debug or set buffer log to debug and past the log here. 720 looks like a phase 1 policy mismatch.

Sent from Cisco Technical Support iPhone App

New Member

Re: L2TP/IPSec Error 720

Hi Shaogin,

Kindly find the attached output of 'debug crypto ikev1' and nothing is coming against 'debug crypto ipsec'.

Regards,

Mujeeb

Re: L2TP/IPSec Error 720

In the debug provided, username test is used for connection.

The only username that may be used, having what's in your running config, is l2tp:

username l2tp password 31XddrF4FUa04JqfYDr2Jw== nt-encrypted

So, check again what username/password is used for the connection, and change it to l2tp/password-for-l2tp-user

New Member

Re: L2TP/IPSec Error 720

Hi Andrew,

The problem was due to "no vpn-addr-assign local" command which was mistakenly part of the configuration.

Regards,

Mujeeb

Re: L2TP/IPSec Error 720

Ok, good to know.

2127
Views
0
Helpful
9
Replies