We are facing an issue connecting to remote access VPN on a Cisco ASA firewall. When connecting to the firewall through remote access VPN, we receive the error "Error 412: The Remote peer no longer responding".
This happens even after performing the troubleshooting steps below.
1. Removed and reapplied the crypto map on the external interface of the firewall.
2. Rebooted the primary Cisco ASA firewall for further troubleshooting. After rebooting the primary Cisco ASA firewall, applications were not working through the primary ASA firewall, and hence we switched over to the secondary firewall. Applications started working fine after switching over to the secondary ASA firewall. We were not able to connect to remote access VPN even after switching to the secondary Cisco ASA firewall.
3. Removed the entire remote access VPN configuration from the firewall and reconfigured remote access VPN from scratch. But the issue still persists.
4. We are able to see the connections in the internet router on port UDP 500 for remote access VPN, but we are not able to see a single debug isakmp packet for remote access VPN in the firewall. All the other site-to-site VPN tunnels configured in the firewall are working fine.
5. We also tried connecting to remote access VPN from a machine connected directly to the external switch, with an IP address in the same subnet as the external interface of the firewall. But we are still not able to see a single debug isakmp packet for remote access VPN in the firewall.
6. We also configured ISAKMP over TCP port 10000 in the firewall. When we look at the VPN client logs while connecting to remote access VPN, we are receiving a TCP RST packet on port 10000 and the ISAKMP parameters are not getting exchanged.
The configuration is pretty big and difficult to analyze. What is the IP of the pool?
show run pool
It's better to use a standard ACL for split tunneling. The source IPs will be the addresses BEHIND the firewall and not the ones for the VPN pool. Same for the NAT0 ACL: the source will be BEHIND the firewall and the destination will be the VPN POOL.
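The ACL direction rule from the reply above can be checked mechanically. The following is an added example, not part of the original thread: a small Python audit over two constructed ASA fragments (pre-8.3 `nat 0` syntax assumed), in which every name and address (VPNPOOL, SPLIT, NONAT, RA, 10.10.0.0/16, 192.168.50.0/24) is invented for illustration.

```python
import ipaddress
import re

# Constructed ASA fragments; names and addresses are invented for this example.
# Assumes ACEs use the "<network> <mask>" form only (no "host" or "any" keywords).
BAD = """\
ip local pool VPNPOOL 192.168.50.1-192.168.50.254 mask 255.255.255.0
access-list SPLIT extended permit ip 192.168.50.0 255.255.255.0 10.10.0.0 255.255.0.0
access-list NONAT extended permit ip 192.168.50.0 255.255.255.0 10.10.0.0 255.255.0.0
nat (inside) 0 access-list NONAT
group-policy RA attributes
 split-tunnel-network-list value SPLIT
"""
GOOD = """\
ip local pool VPNPOOL 192.168.50.1-192.168.50.254 mask 255.255.255.0
access-list SPLIT standard permit 10.10.0.0 255.255.0.0
access-list NONAT extended permit ip 10.10.0.0 255.255.0.0 192.168.50.0 255.255.255.0
nat (inside) 0 access-list NONAT
group-policy RA attributes
 split-tunnel-network-list value SPLIT
"""

def _net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def audit(config):
    """Return findings for split-tunnel / NAT0 ACLs that point the wrong way."""
    m = re.search(r"^ip local pool \S+ (\S+)-(\S+)", config, re.M)
    lo, hi = (ipaddress.ip_address(x) for x in m.groups())
    split = set(re.findall(r"split-tunnel-network-list value (\S+)", config))
    nat0 = set(re.findall(r"^nat \(\S+\) 0 access-list (\S+)", config, re.M))
    def in_pool(n):  # True when network n overlaps the pool range
        return n[0] <= hi and lo <= n[-1]
    findings = []
    ace = re.compile(r"^access-list (\S+) (standard|extended) permit (.+)$", re.M)
    for name, kind, rest in ace.findall(config):
        f = rest.split()
        if kind == "standard":  # <src> <mask>
            src, dst = _net(f[0], f[1]), None
        else:                   # <proto> <src> <mask> <dst> <mask>
            src, dst = _net(f[1], f[2]), _net(f[3], f[4])
        if name in split and in_pool(src):
            findings.append(f"{name}: split-tunnel source is the VPN pool")
        if name in nat0 and in_pool(src):
            findings.append(f"{name}: NAT0 source is the VPN pool")
        if name in nat0 and dst is not None and not in_pool(dst):
            findings.append(f"{name}: NAT0 destination is not the VPN pool")
    return findings
```

Calling `audit(BAD)` reports the reversed ACLs, while `audit(GOOD)` returns an empty list for the layout the reply recommends.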