I've been trying to setup an ASA5505 with an l2tp/ipsec vpn that I can connect to with the Windows Vista vpn client. I've been having problems connecting. When I attempt to connect, the windows vpn client shows an error message saying "Error 789: The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer." The log on the ASA shows errors saying "Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2"
It appears that the ASA does not like the IKE proposal from the windows vpn client but i'm not sure if I'm interpreting that error message correctly.
Wondering if anyone has seen this issue or had success with this kind of setup. I have the device setup OK so that I can connect with the Cisco VPN client but getting the l2tp/ipsec setup to work with the windows vpn client is proving to be problematic.
I finally got it working today. I had to modify the isakmp policy and the transform sets on the ASA to match one of the proposals that was sent by the Windows vpn client. After making those changes and working through a couple other issues that came up everything is working as expected now.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...