we setup an IPsec VPN tunnel in ASDM 7.1 (for ASA 5515-X version 9.11) through a wizard... it was working fine for a while and then connection could no longer be established. we made a new tunnel through the wizard again and deleted the old tunnel. it still won't work. we are getting a:
Secure VPN Connection terminated locally by the Client. Reason 412: The remote peer is no longer responding. (this is on VPN Client Version 5.0.07.0290)
I've already turned off Windows Firewall.
Need your expertise! Thank you so much!
the "show run" config is attached for your reference with the public IP edited out!
Apart from these there are some other reasons behind for getting such error.
The user is behind a firewall that is blocking ports UDP 4500/500 and/or ESP.
The VPN client is using connecting on TCP and the default TCP port 10000 for NAT is blocked.
The internet connection is not stable and some packets are not reaching the ASA or the replies from the ASA aren’t getting to the client, hence the client thinks the server is no longer available.
The VPN client is behind a NAT device and the ASA doesn’t have NAT-T enabled. In this case the user will not be able to send or receive traffic at all. It will be able to connect but that’s all. After some time the software client deletes the VPN tunnel.
If you are using wireless, try to connect with cable
Turn your firewall off, then test the connection to see whether the problem still occurs. If it doesn’t then you can turn your firewall back on, add exception rules for port 500, port 4500 and the ESP protocol in your firewall
Turn on NAT-T/TCP in your profile ( remember to unblock port 10000 in your firewall)
Edit your profile with your editor and change ForceKeepAlive=0 to 1
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :