I've setup site-to-site ASA 5510 using L2TP, I've also setup RRAS on windows 2003, and run Demand Dial Interface Wizard to setup L2TP connect to ASA.
What stucks me is "Dial Out Credentials" page on this Wizard.
If I leave all the fields blank it can not proceed futher, so I add imaginary user here. But, on the ASA side there is no user account to add while running IPSec site-to-site wizard. So with this imaginary user account on the Windows side and no user account on the ASA side, I try to connect them (from Windows machine). Looking at the ASDM Log Viewer, I notice that both Phases are completed succefully, but then the message "IP=xxxx.xxxx.xxxx.xxxx, Received encrypted packet with no matching SA, dropping", appears on Log Viewer, and on Windows 2k3 side I get a message "An error occurred during connection of the interface. The local computer does not support the required data encryption type".
I google for L2TP ASA RRAS, but found nothing really of my case.
Has someone ever get this work? If so, what else should I pay attention at?
I am confused here, are you setting a Remote Access L2TP VPN Client, if that is the case your setup on the ASA cannot be Lan to Lan (site-to-site) rather remote access, what does your asa config looks like? When using L2tp over IPSEC (which is what the ASA supports) you must have a user/password
The only site to site protocol the ASA supports against a windows server is IPSEC not L2TP, Site to site allows you to encrypt the whole network behind each server. Remote Access on the other hand, is used for connecting Workstations PC's to the vpn server (asa) using a single vpn connection. Are you sure you have the right concept of what you want to configure?
Unfortunately to my understanding we don't have a direct link to configure a Windows 2003 server with a lan to lan against a cisco ASA, so you would need to check 2 links or look on the MS Knowledgebase for the vpn setup of the windows 2003, I got you one link that shows the configuration on a Windows 2000 though, hope it heslps:
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :