Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

Remote Access VPN is not connectin

Dear All,

We configured remote access VPN on the ASA, it works perfectly till yesterday. Suddenly this issue is started and we are unable to connect the VPN. I attached the debud logs from the firewall. Please suggest me how to resolve this issue.



New Member

Remote Access VPN is not connectin

I think that we need more information, like the debug output or the config file.



Remote Access VPN is not connectin

Hi Markus,

Debug file is already attached.



Cisco Employee

Remote Access VPN is not connectin

Hi Krishna,

Your debug doesn't have much information. however one thing is sure that even phase 1 is not coming up.

Please take the following debug:

debug cry isakmp 125

debug cry ipsec 125

if possible send me the following configuration:

sh run tunnel-group CSTEP

sh run cry dynamic-map

sh run cry ipsec

sh run cry isakmp

if you paste the debugs here, email me.

You said it was working fine then were there any recent hardware or software changes.


Jeet Kumar

Re: Remote Access VPN is not connectin

Hi Jeet,

Sometimes it is connecting. Just now i tested again and able to connect it. But servers are not accessible. I am sharing the latest logs.

CenterForStudy# sh run tunnel-group CSTEP

tunnel-group CSTEP type remote-access

tunnel-group CSTEP general-attributes

address-pool REMOTE-POOL

tunnel-group CSTEP ipsec-attributes

pre-shared-key *

CenterForStudy# sh run cry dynamic-map

crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5

CenterForStudy# sh run cry ipsec

crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac

crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac

crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac

crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac

crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac

crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac

crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac

crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac

crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

CenterForStudy# sh run cry isakmp

crypto isakmp enable outside

crypto isakmp policy 10

authentication pre-share

encryption 3des

hash sha

group 2

lifetime 86400

Cisco Employee

Remote Access VPN is not connectin

I didn't find any issue with your configuration.

So you saying it is intermittent and doesn't happen all the time.

The debugs that you have attached are all DPD's.

Next time when the issue occur please take the following output:

Debug crypto condition peer x.x.x.x (x.x.x.x is the Public IP of the machine from where you are connecting the VPN client).

Debug crypto ipsec 125

debug crypto isakmp 125

sh vpn-sessiondb summary

Please take this output and email me.


Jeet Kumar

New Member

Remote Access VPN is not connectin

Hi Krishna ,

                 Your debug message is not holding complete infromation for IKE Phase 1 , you have stopped captured during Aggressive message 2 . Look into below URL for your better understanding .

kindly let us with complete debug information .


Santhosh Saravanan

HTH Regards Santhosh Saravanan
New Member

Remote Access VPN is not connectin

Hi Krishna,

which kind of device ist it? Can you post the Interface and vpn configuration?