04-17-2014 10:02 AM - edited 02-21-2020 07:36 PM
RA IPsec VPN is configured but no traffic is sent or received (all traffic is discarded, as I see in the VPN client software).
The firewall is a 5540 with OS 7.1.
VPN(config)# sh run
: Saved
:
ASA Version 7.1(2)
!
hostname VPN
domain-name default.domain.invalid
enable password 9jNfZuG3TC5tCVH0 encrypted
names
!
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 88.85.249.46 255.255.255.240
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.2.200.1 255.255.255.0
!
interface GigabitEthernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 no nameif
 no security-level
 ip address 192.168.0.1 255.255.255.0
!
interface GigabitEthernet1/0
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/1
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/3
 shutdown
 no nameif
 no security-level
 no ip address
!
passwd 9jNfZuG3TC5tCVH0 encrypted
ftp mode passive
dns server-group DefaultDNS
 domain-name default.domain.invalid
access-list rbt_splitTunnelAcl extended permit ip 10.0.0.0 255.0.0.0 any
access-list inside_outbound_nat0_acl extended permit ip 10.0.0.0 255.0.0.0 192.168.192.0 255.255.255.0
access-list outside_cryptomap_dyn_20 extended permit ip any 192.168.192.0 255.255.255.0
pager lines 24
mtu outside 1500
mtu inside 1500
ip local pool rpool 192.168.192.2-192.168.192.200
no failover
icmp permit any outside
icmp permit any unreachable outside
icmp permit any echo outside
icmp permit any inside
icmp permit any unreachable inside
asdm image disk0:/asdm512-k8.bin
no asdm history enable
arp timeout 14400
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 10.0.0.0 255.0.0.0
route outside 0.0.0.0 0.0.0.0 88.85.249.33 1
route inside 10.0.0.0 255.0.0.0 10.2.200.200 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
group-policy sar-group internal
group-policy sar-group attributes
 dns-server value 10.1.61.3 10.1.61.4
 vpn-idle-timeout 30
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value rbt_splitTunnelAcl
 default-domain value sar.com
 split-dns value sar.com
username ggassim password p.8ZTPsRV8MuW4NM encrypted
http 0.0.0.0 0.0.0.0 outside
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
isakmp enable outside
isakmp policy 20 authentication rsa-sig
isakmp policy 20 encryption des
isakmp policy 20 hash sha
isakmp policy 20 group 1
isakmp policy 20 lifetime 86400
isakmp policy 40 authentication pre-share
isakmp policy 40 encryption des
isakmp policy 40 hash md5
isakmp policy 40 group 2
isakmp policy 40 lifetime 86400
isakmp policy 50 authentication pre-share
isakmp policy 50 encryption des
isakmp policy 50 hash md5
isakmp policy 50 group 5
isakmp policy 50 lifetime 86400
isakmp policy 65535 authentication pre-share
isakmp policy 65535 encryption 3des
isakmp policy 65535 hash sha
isakmp policy 65535 group 2
isakmp policy 65535 lifetime 86400
isakmp nat-traversal 20
tunnel-group sar-group type ipsec-ra
tunnel-group sar-group general-attributes
 address-pool rpool
 default-group-policy sar-group
tunnel-group sar-group ipsec-attributes
 pre-shared-key *
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
!
service-policy global_policy global
Cryptochecksum:e9980b895252f0520fa2074b75a8462d
: end
04-18-2014 02:31 PM
Hello there,
I discovered that it's a Windows problem, because when I issued "ipconfig /release" the VPN client works well.
Is there any fix for the problem? Many users are not computer engineers and they need to use the VPN client.
I took the following logs from the VPN client