Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

urgent:3G VPN issue

Guys i am trying to connect my IPHONE 3Gs to cisco ASA 5500 using 3G connection (which i am using as a VPN server) but the probem is that i am unable to establish VPN i have gone through the configs many times which i guess seems to be alright but still i cant establish a VPN i am adding my current VPN configs to this thread as i need urgent help.........guys i am getting nuts kindly help me out.....guys can someone please look into it....keep in mind that ASA is conected to a checkpoint firewall ......so currently ASA is just being used as a VPN server.

Thanks in advance guys

VPN# sh run
: Saved
:
ASA Version 8.2(1)
!
hostname VPN

names
name XXX abcd
name XXX DNS-Ser
dns-guard
!
interface GigabitEthernet0/0
speed 100
duplex full
nameif OUTSIDE
security-level 100
ip address XXXX 255.255.255.224
!
interface GigabitEthernet0/1
shutdown
no nameif
no security-level
ip address XXXX 255.255.255.0
!
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
shutdown
no nameif
no security-level
no ip address
!
boot system disk0:/asa821-k8.bin
ftp mode passive
access-list OUTSIDE-IN extended permit icmp any any
access-list OUTSIDE-IN extended permit ip any any
access-list INSIDE-OUT extended permit icmp any any
access-list INSIDE-OUT extended permit ip any any
pager lines 24
mtu OUTSIDE 1500
ip local pool vpn_pool XXXX mask 255.255.255.255
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-508.bin
no asdm history enable
arp timeout 14400
access-group OUTSIDE-IN in interface OUTSIDE
access-group INSIDE-OUT out interface OUTSIDE
route OUTSIDE 0.0.0.0 0.0.0.0 XXXX
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set RA_VPN_SET esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map RA_VPN_MAP 1 match address OUTSIDE-IN
crypto dynamic-map RA_VPN_MAP 1 set transform-set RA_VPN_SET
crypto dynamic-map RA_VPN_MAP 1 set reverse-route
crypto map RA_VPN 10 ipsec-isakmp dynamic RA_VPN_MAP
crypto map RA_VPN interface OUTSIDE
crypto isakmp enable OUTSIDE
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400

console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
tftp-server OUTSIDE XXXX asa821-k8.bin
group-policy RA_VPN_Policy internal
group-policy RA_VPN_Policy attributes
wins-server value XXXX
dns-server value XXXX
split-tunnel-policy tunnelspecified
split-dns value msdomain
username test password XXXX encrypted
username test12 password XXXX encrypted
tunnel-group RA_VPN type remote-access
tunnel-group RA_VPN general-attributes
address-pool iPhones_vpn_pool
default-group-policy RA_VPN_Policy
tunnel-group RA_VPN ipsec-attributes
pre-shared-key *
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns ABCD
parameters
  message-length maximum 512
policy-map global_policy
class inspection_default
  inspect dns ABCD
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:
: end

4 REPLIES
Green

Re: urgent:3G VPN issue

You have no 'iPhones_vpn_pool' configured. The one you have conifgured is only 'vpn_pool'.

Community Member

Re: urgent:3G VPN issue

Thanks for your kind reply...actually i have edited the config for confidentiality....so its the same i forgot to edit all of them so there is a pool with the name of iphone XXX.........can you please chekc something else plz....as i really dont know what the problem is......

Thanks again

Green

Re: urgent:3G VPN issue

1. None of your interfaces other than outside are even turned on.

2. no crypto dynamic-map RA_VPN_MAP 1 match address OUTSIDE-IN

Community Member

Re: urgent:3G VPN issue

Thanks

....but can you explain why should i remove as per your recommendation

no crypto dynamic-map RA_VPN_MAP 1 match address OUTSIDE-IN

as its tied to the following access-list

access-list OUTSIDE-IN extended permit icmp any any
access-list OUTSIDE-IN extended permit ip any any
access-list INSIDE-OUT extended permit icmp any any
access-list INSIDE-OUT extended permit ip any any


access-group OUTSIDE-IN in interface OUTSIDE

secondly we are just testing so the first step is to establish the vpn???

sorry i am not to confident on this can you pleasse explain a bit

Thanks

492
Views
0
Helpful
4
Replies
CreatePlease to create content