Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Multiple Dynamic Remote Access Policies on ASA for IOS Router and remote clients?

I have setup a dynamic remote access clients for an ASA5505. That  works fine, been tested. I next wanted to add another dynamic VPN, this  time using a 1721 router. Problem now is that I get "Xauth required but  selected Proposal does not support xauth" error. I can see that when the  1721 router tries to connect it uses "Group = DefaultRAGroup".

If I add "isakmp ikev1-user-authentication none" to  the DefaultRAGroup ipsec-attributes, the connection from the 1721  worked, but then I could not connect using regular remote access client (i.e. Windows L2TP).

I wanted to add a new group policy and such:

group-policy 1721_Dynamic internal

group-policy 1721_Dynamic attributes

vpn-filter value 1721_Dynamic

vpn-tunnel-protocol IPSec l2tp-ipsec

tunnel-group 1721_Dynamic type ipsec-l2l

tunnel-group 1721_Dynamic general-attributes

default-group-policy 1721_Dynamic

tunnel-group 1721_Dynamic ipsec-attributes

pre-shared-key *****

isakmp keepalive threshold 15 retry 2

isakmp ikev1-user-authentication none

Problem is how do I get the remote access clients to use "DefaultRaGroup" and the 1721 router to use the "1721_Dynamic"?

450
Views
0
Helpful
0
Replies
CreatePlease to create content