05-06-2019 12:07 PM - edited 05-06-2019 03:54 PM
So I'm having a problem with my Remote Access VPN.
So I have 2 Site to Site VPNs (AWS Ireland & AWS London); these are working perfectly.
I used to have a Remote Access VPN working when using the LOCAL users to the ASA. Now I have been trying to get it to use an AAA LDAP server, but in doing that somehow I have managed to completely break the Remote Access VPN, and no matter how much reading through the old config and checking stuff I can't get it working again.
So I need to keep the 2 AWS VPNs up and working while also allowing Remote Access using L2TP/IPSec using a preshared key, and then the authentication uses the AAA Server Group called LDAP_SRV_GRP (this group has 1 server in it, 10.1.18.109, and this is tested as working).
My Config
UPDATED - I have the Remote Access VPN working again just not using the AAA-Server (LDAP) "LDAP_SRV_GRP"
ip local pool OutOfOfficePool 10.101.2.1-10.101.2.254 mask 255.255.255.0
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.101.0.1 255.255.0.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 109.239.111.4 255.255.255.248
!
ftp mode passive
dns domain-lookup inside
dns domain-lookup outside
dns server-group DefaultDNS
 name-server Y.Y.Y.Y
 name-server 1.1.1.1
 name-server 8.8.8.8
 name-server 8.8.4.4
 domain-name beaconsoft.ltd
same-security-traffic permit intra-interface
object network obj_any
 subnet 0.0.0.0 0.0.0.0
object network inside
 subnet 10.0.0.0 255.0.0.0
object network inside-subnet
 subnet 10.0.0.0 255.0.0.0
object network obj-SrcNet
 subnet 0.0.0.0 0.0.0.0
object network obj-amzn-lon
 subnet 10.1.0.0 255.255.0.0
object network obj-amzn-ire
 subnet 10.2.0.0 255.255.0.0
object network NETWORK_OBJ_10.101.2.0_24
 subnet 10.101.2.0 255.255.255.0
object network inoffice
 subnet 10.101.1.0 255.255.255.0
object network outoffice
 subnet 10.101.2.0 255.255.255.0
object network 10.X.X.X
 range 10.2.0.0 10.2.255.255
object network ASA-network
 subnet 10.101.0.0 255.255.255.0
object network ASA
 host 10.101.0.1
 description Cisco ASA
object network ASAGatewayAddress
 host Y.Y.Y.Y
object network ASA_Network
 subnet 10.101.0.0 255.255.255.0
object network test
 host 10.101.0.1
object network OutOfOfficePool
 subnet 10.0.0.0 255.0.0.0
access-list outside_acl extended permit ip host 35.177.42.137 host 109.239.111.4
access-list outside_acl extended permit ip host 52.56.51.249 host 109.239.111.4
access-list outside_acl extended permit ip host 52.17.198.135 host 109.239.111.4
access-list outside_acl extended permit ip host 54.72.63.159 host 109.239.111.4
access-list outside_acl extended permit ip host 35.177.42.137 host Y.Y.Y.Y
access-list outside_acl extended permit ip host 52.56.51.249 host Y.Y.Y.Y
access-list outside_acl extended permit ip host 52.17.198.135 host Y.Y.Y.Y
access-list outside_acl extended permit ip host 54.72.63.159 host Y.Y.Y.Y
access-list acl-amzn-lon extended permit ip any4 10.1.0.0 255.255.0.0
access-list IRELAND-135 extended permit ip host 52.17.198.135 host 109.239.111.4
access-list IRELAND-135 extended permit ip host 52.17.198.135 host Y.Y.Y.Y
access-list IRELAND-159 extended permit ip host 54.72.63.159 host 109.239.111.4
access-list IRELAND-159 extended permit ip host 54.72.63.159 host Y.Y.Y.Y
access-list IRELAND-LOCAL extended permit ip any4 10.2.0.0 255.255.0.0
access-list outside_access_in extended permit ip host 35.177.42.137 host 109.239.111.4
access-list outside_access_in extended permit ip host 52.56.51.249 host 109.239.111.4
access-list outside_access_in extended permit ip host 35.177.42.137 host Y.Y.Y.Y
access-list outside_access_in extended permit ip host 52.56.51.249 host Y.Y.Y.Y
access-list acl-amzn extended permit ip any4 10.1.0.0 255.255.0.0
access-list amzn-filter extended permit ip 10.1.0.0 255.255.0.0 10.0.0.0 255.0.0.0
access-list ireland-filter extended permit ip 10.2.0.0 255.255.0.0 10.0.0.0 255.0.0.0
access-list outside_cryptomap_2 extended permit ip any4 10.2.0.0 255.255.0.0
access-list outside_cryptomap_2 extended permit ip any4 10.1.0.0 255.255.0.0
access-list outside_cryptomap_3 extended permit ip any4 10.2.0.0 255.255.0.0
access-list outside_cryptomap_1 extended permit ip any4 10.1.0.0 255.255.0.0
access-list tcp_bypass extended permit ip 10.101.0.0 255.255.255.0 10.101.1.0 255.255.255.0
access-list tcp_bypass extended permit ip 10.101.0.0 255.255.255.0 10.101.2.0 255.255.255.0
access-list tcp_bypass extended permit ip 10.101.0.0 255.255.255.0 10.1.0.0 255.255.0.0
access-list tcp_bypass extended permit ip 10.101.0.0 255.255.255.0 10.2.0.0 255.255.0.0
access-list tcp_bypass extended permit ip 10.101.1.0 255.255.255.0 10.101.0.0 255.255.255.0
access-list tcp_bypass extended permit ip 10.101.1.0 255.255.255.0 10.101.2.0 255.255.255.0
access-list tcp_bypass extended permit ip 10.101.1.0 255.255.255.0 10.1.0.0 255.255.0.0
access-list tcp_bypass extended permit ip 10.101.1.0 255.255.255.0 10.2.0.0 255.255.0.0
access-list tcp_bypass extended permit ip 10.101.2.0 255.255.255.0 10.101.1.0 255.255.255.0
access-list tcp_bypass extended permit ip 10.101.2.0 255.255.255.0 10.101.0.0 255.255.255.0
access-list tcp_bypass extended permit ip 10.101.2.0 255.255.255.0 10.1.0.0 255.255.0.0
access-list tcp_bypass extended permit ip 10.101.2.0 255.255.255.0 10.2.0.0 255.255.0.0
access-list tcp_bypass extended permit ip 10.1.0.0 255.255.255.0 10.101.1.0 255.255.255.0
access-list tcp_bypass extended permit ip 10.1.0.0 255.255.255.0 10.101.2.0 255.255.255.0
access-list tcp_bypass extended permit ip 10.1.0.0 255.255.255.0 10.101.0.0 255.255.255.0
access-list tcp_bypass extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.0.0
access-list tcp_bypass extended permit ip 10.2.0.0 255.255.255.0 10.101.1.0 255.255.255.0
access-list tcp_bypass extended permit ip 10.2.0.0 255.255.255.0 10.101.2.0 255.255.255.0
access-list tcp_bypass extended permit ip 10.2.0.0 255.255.255.0 10.101.0.0 255.255.255.0
access-list tcp_bypass extended permit ip 10.2.0.0 255.255.255.0 10.1.0.0 255.255.0.0
access-list tcp_bypass extended permit tcp 10.101.1.0 255.255.255.0 10.101.2.0 255.255.255.0
access-list tcp_bypass extended permit tcp 10.1.0.0 255.255.0.0 10.101.2.0 255.255.255.0
access-list tcp_bypass extended permit tcp 10.101.2.0 255.255.255.0 10.1.0.0 255.255.0.0
access-list tcp_bypass extended permit tcp 10.2.0.0 255.255.0.0 10.101.2.0 255.255.255.0
access-list tcp_bypass extended permit tcp 10.101.2.0 255.255.255.0 10.2.0.0 255.255.0.0
access-list inside_access_in extended permit ip any any
access-list acl-outside extended permit icmp any any echo
access-list acl-inside extended permit icmp any any echo
access-list global_mpc extended permit ip any any
access-list outside_access_in_1 extended permit ip 10.0.0.0 255.0.0.0 any
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
ip verify reverse-path interface inside
ip verify reverse-path interface outside
icmp unreachable rate-limit 1 burst-size 1
icmp permit any outside
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source static obj-SrcNet obj-SrcNet destination static obj-amzn-ire obj-amzn-ire route-lookup
nat (inside,outside) source static obj-SrcNet obj-SrcNet destination static obj-amzn-lon obj-amzn-lon route-lookup
nat (inside,outside) source static any any destination static NETWORK_OBJ_10.101.2.0_24 NETWORK_OBJ_10.101.2.0_24 no-proxy-arp route-lookup
nat (inside,outside) source static ASAGatewayAddress ASA destination static obj-amzn-lon obj-amzn-lon
!
object network obj_any
 nat (inside,outside) dynamic interface
!
nat (inside,outside) after-auto source dynamic any interface
access-group inside_access_in in interface inside
access-group outside_access_in_1 in interface outside
route outside 0.0.0.0 0.0.0.0 109.239.111.1 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
ldap attribute-map AttrMap1
 map-name accessType IETF-Radius-Service-Type
 map-value accessType VPN 5
 map-value accessType admin 6
dynamic-access-policy-record DfltAccessPolicy
aaa-server LDAP_SRV_GRP protocol ldap
aaa-server LDAP_SRV_GRP (inside) host Y.Y.Y.Y
 ldap-base-dn cn=Users, dc=beaconsoft, dc=ltd
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-password *****
 ldap-login-dn cn=Administrator, cn=Users, dc=beaconsoft, dc=ltd
 server-type microsoft
 ldap-attribute-map AttrMap1
user-identity default-domain LOCAL
http server enable
http 10.0.0.0 255.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
sysopt connection tcpmss 1379
sla monitor 1
 type echo protocol ipIcmpEcho 10.1.0.1 interface outside
 frequency 5
sla monitor schedule 1 life forever start-time now
sla monitor 2
 type echo protocol ipIcmpEcho 10.2.0.1 interface outside
 frequency 5
sla monitor schedule 2 life forever start-time now
sla monitor 5
 type echo protocol ipIcmpEcho 8.8.8.8 interface outside
 frequency 5
sla monitor schedule 5 life forever start-time now
crypto ipsec ikev1 transform-set 3des_sha esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set transform-amzn-lon esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set transform-amzn-ire esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set transfrom-amzn esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set transform-amzn esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set transfrom-amzn1 esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set transform-amzn1 esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set transform-ireland esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES128-SHA1_TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES128-SHA1_TRANS mode transport
crypto ipsec ikev1 transform-set APPLE_CLIENT esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set APPLE_CLIENT mode transport
crypto ipsec ikev2 ipsec-proposal DES
 protocol esp encryption des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
 protocol esp encryption 3des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
 protocol esp encryption aes
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
 protocol esp encryption aes-192
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
 protocol esp encryption aes-256
 protocol esp integrity sha-1 md5
crypto ipsec security-association replay window-size 128
crypto ipsec security-association pmtu-aging infinite
crypto ipsec df-bit clear-df outside
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-192-SHA ESP-AES-256-SHA ESP-3DES-SHA ESP-DES-SHA ESP-AES-128-SHA-TRANS ESP-AES-192-SHA-TRANS ESP-AES-256-SHA-TRANS ESP-3DES-SHA-TRANS ESP-DES-SHA-TRANS ESP-AES-128-MD5
crypto dynamic-map DYN_OUTSIDE 10000 set ikev1 transform-set ESP-AES128-SHA1_TRANS
crypto dynamic-map DYN_OUTSIDE 10000 set reverse-route
crypto map MAP_OUTSIDE 1 match address outside_cryptomap_1
crypto map MAP_OUTSIDE 1 set pfs
crypto map MAP_OUTSIDE 1 set peer 35.177.42.137 52.56.51.249
crypto map MAP_OUTSIDE 1 set ikev1 transform-set transfrom-amzn
crypto map MAP_OUTSIDE 1 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map MAP_OUTSIDE 1 set security-association lifetime seconds 3600
crypto map MAP_OUTSIDE 1 set reverse-route
crypto map MAP_OUTSIDE 2 match address outside_cryptomap_3
crypto map MAP_OUTSIDE 2 set pfs
crypto map MAP_OUTSIDE 2 set peer 52.17.198.135 54.72.63.159
crypto map MAP_OUTSIDE 2 set ikev1 transform-set transform-ireland
crypto map MAP_OUTSIDE 2 set security-association lifetime seconds 3600
crypto map MAP_OUTSIDE 2 set reverse-route
crypto map MAP_OUTSIDE 10000 ipsec-isakmp dynamic DYN_OUTSIDE
crypto map MAP_OUTSIDE interface outside
crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map inside_map interface inside
crypto ca trustpoint _SmartCallHome_ServerCA
 crl configure
crypto ca trustpoint ASDM_TrustPoint0
 enrollment self
 subject-name CN=ciscoasa
 keypair OutOfOfficeKeyPair
 proxy-ldc-issuer
 crl configure
crypto ca trustpoint ASDM_TrustPoint1
 enrollment terminal
 subject-name CN=leeds.internal.beaconsoft.ltd,O=Beaconsoft Limited,C=UK
 keypair OutOfOfficeKeyPair
 crl configure
crypto ca trustpoint ASDM_TrustPoint2
 enrollment terminal
 crl configure
crypto ca trustpoint ASDM_TrustPoint3
 enrollment terminal
 no validation-usage
 crl configure
crypto isakmp identity address
crypto ikev2 policy 1
 encryption aes-256
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 10
 encryption aes-192
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 20
 encryption aes
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 30
 encryption 3des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 40
 encryption des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 remote-access trustpoint ASDM_TrustPoint0
crypto ikev1 enable inside
crypto ikev1 enable outside
crypto ikev1 policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 201
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 28800
crypto ikev1 policy 1000
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 3000
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
management-access inside
vpn-sessiondb max-other-vpn-limit 10
vpn-sessiondb max-anyconnect-premium-or-essentials-limit 2
dhcpd dns Y.Y.Y.Y 8.8.8.8
dhcpd domain leeds.internal.beaconsoft.ltd
dhcpd auto_config outside
dhcpd option 3 ip 10.101.0.1 Y.Y.Y.Y
dhcpd option 6 ip 10.1.13.58 8.8.8.8
!
dhcpd address 10.101.1.1-10.101.1.254 inside
dhcpd dns Y.Y.Y.Y 8.8.8.8 interface inside
dhcpd wins Y.Y.Y.Y interface inside
dhcpd domain leeds.internal.beaconsoft.ltd interface inside
dhcpd option 3 ip 10.101.0.1 interface inside
dhcpd option 6 ip 10.1.13.58 8.8.8.8 interface inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl trust-point ASDM_TrustPoint0 outside
webvpn
 enable outside
 anyconnect enable
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
 wins-server value Y.Y.Y.Y
 dns-server value 8.8.8.8 8.8.4.4
 vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec
 default-domain value leeds.internal.beaconsoft.ltd
group-policy DfltGrpPolicy attributes
 dns-server value Y.Y.Y.Y
 vpn-tunnel-protocol ikev1 ikev2
 default-domain value beaconsoft.ltd
group-policy OutOfOffice internal
group-policy OutOfOffice attributes
 wins-server value Y.Y.Y.Y
 dns-server value Y.Y.Y.Y 1.1.1.1
 vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec
 default-domain value beaconsoft.ltd
group-policy ireland-filter internal
group-policy ireland-filter attributes
 vpn-filter value ireland-filter
 vpn-tunnel-protocol ikev1
group-policy filter1 internal
group-policy filter1 attributes
 vpn-filter value amzn-filter
 vpn-tunnel-protocol ikev1 ikev2
group-policy filter internal
group-policy filter attributes
 vpn-filter value acl-amzn
tunnel-group DefaultL2LGroup ipsec-attributes
 ikev1 pre-shared-key *****
 peer-id-validate nocheck
 isakmp keepalive threshold 15 retry 2
 ikev2 remote-authentication pre-shared-key *****
 ikev2 local-authentication pre-shared-key *****
tunnel-group DefaultRAGroup general-attributes
 address-pool OutOfOfficePool
 default-group-policy OutOfOffice
tunnel-group DefaultRAGroup ipsec-attributes
 ikev1 pre-shared-key *****
 isakmp keepalive disable
tunnel-group DefaultRAGroup ppp-attributes
 authentication pap
 no authentication chap
 authentication ms-chap-v2
tunnel-group DefaultWEBVPNGroup general-attributes
 address-pool OutOfOfficePool
tunnel-group DefaultWEBVPNGroup ipsec-attributes
 isakmp keepalive threshold 15 retry 2
tunnel-group 35.177.42.137 type ipsec-l2l
tunnel-group 35.177.42.137 general-attributes
 default-group-policy filter1
tunnel-group 35.177.42.137 ipsec-attributes
 ikev1 pre-shared-key *****
 isakmp keepalive threshold 10 retry 10
tunnel-group 52.56.51.249 type ipsec-l2l
tunnel-group 52.56.51.249 general-attributes
 default-group-policy filter1
tunnel-group 52.56.51.249 ipsec-attributes
 ikev1 pre-shared-key *****
 isakmp keepalive threshold 10 retry 10
tunnel-group OutOfOffice type remote-access
tunnel-group OutOfOffice general-attributes
 address-pool OutOfOfficePool
 authentication-server-group LDAP_SRV_GRP LOCAL
 authentication-server-group (inside) LDAP_SRV_GRP LOCAL
 authorization-server-group (inside) LDAP_SRV_GRP
 default-group-policy OutOfOffice
 strip-realm
tunnel-group OutOfOffice webvpn-attributes
 nbns-server Y.Y.Y.Y timeout 2 retry 2
tunnel-group OutOfOffice ipsec-attributes
 ikev1 pre-shared-key *****
 peer-id-validate cert
tunnel-group OutOfOffice ppp-attributes
 authentication ms-chap-v2
tunnel-group 52.17.198.135 type ipsec-l2l
tunnel-group 52.17.198.135 general-attributes
 default-group-policy ireland-filter
tunnel-group 52.17.198.135 ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group 54.72.63.159 type ipsec-l2l
tunnel-group 54.72.63.159 general-attributes
 default-group-policy ireland-filter
tunnel-group 54.72.63.159 ipsec-attributes
 ikev1 pre-shared-key *****
!
class-map inspection_default
 match access-list global_mpc
 match default-inspection-traffic
class-map tcp_bypass
 match access-list tcp_bypass
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
  inspect icmp
policy-map tcp_bypass_policy
 class tcp_bypass
  set connection advanced-options tcp-state-bypass
!
service-policy global_policy global
service-policy tcp_bypass_policy interface inside
05-06-2019 03:51 PM - edited 05-06-2019 03:54 PM
Sorry for the reply, but this is a part answer
So going through https://www.cisco.com/c/en/us/support/docs/ip/layer-two-tunnel-protocol-l2tp/200340-Configure-L2TP-Over-IPsec-Between-Window.pdf very carefully, I have the Remote Access VPN on OutOfOffice working, but I still don't have it working with the AAA Server (LDAP). I have updated the config in the post above.
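A check that can be run over a config like the one posted above, as an added example that is not part of the original posts and not a Cisco tool: for each tunnel-group with PPP settings it reports which AAA group authenticates users and whether PAP is enabled. It assumes that a tunnel-group with no authentication-server-group falls back to LOCAL, and that an LDAP bind needs the cleartext password so only PAP can be verified against an LDAP group; the function names `parse` and `audit` are hypothetical.

```python
# Constructed excerpt: tunnel-group and aaa-server commands copied from the
# config posted above, one command per line.
SAMPLE = """\
aaa-server LDAP_SRV_GRP protocol ldap
tunnel-group DefaultRAGroup general-attributes
 address-pool OutOfOfficePool
 default-group-policy OutOfOffice
tunnel-group DefaultRAGroup ppp-attributes
 authentication pap
 no authentication chap
 authentication ms-chap-v2
tunnel-group OutOfOffice type remote-access
tunnel-group OutOfOffice general-attributes
 authentication-server-group LDAP_SRV_GRP LOCAL
 authentication-server-group (inside) LDAP_SRV_GRP LOCAL
tunnel-group OutOfOffice ppp-attributes
 authentication ms-chap-v2
"""


def parse(config):
    """Return (groups, aaa): per tunnel-group auth order and PPP methods."""
    groups, aaa, current, section = {}, {}, None, None
    for raw in config.splitlines():
        words = raw.split()
        if not words:
            continue
        if not raw.startswith(" "):  # top-level command ends any open stanza
            current = None
            if words[0] == "aaa-server" and len(words) == 4 and words[2] == "protocol":
                aaa[words[1]] = words[3]
            elif words[0] == "tunnel-group" and len(words) >= 3:
                current = groups.setdefault(words[1], {"auth": [], "ppp": set()})
                section = words[2]
        elif current is not None:
            if words[0] == "authentication-server-group" and not current["auth"]:
                # Drop the optional "(interface)" token, keep the fallback order.
                current["auth"] = [w for w in words[1:] if not w.startswith("(")]
            elif section == "ppp-attributes" and words[-2:-1] == ["authentication"]:
                if words[0] == "no":
                    current["ppp"].discard(words[-1])
                else:
                    current["ppp"].add(words[-1])
    return groups, aaa


def audit(config):
    """Return (group, finding, detail) for each tunnel-group with PPP settings."""
    groups, aaa = parse(config)
    findings = []
    for name in sorted(groups):
        auth, ppp = groups[name]["auth"], groups[name]["ppp"]
        if not ppp:
            continue  # no explicit PPP methods, e.g. the site-to-site peers
        if not auth:
            # Assumption: with no server group configured, users are checked against LOCAL.
            findings.append((name, "local-only", "no authentication-server-group"))
        elif aaa.get(auth[0]) == "ldap" and "pap" not in ppp:
            # Assumption: an LDAP group can only verify a PAP (cleartext) password.
            findings.append((name, "ldap-needs-pap", ",".join(sorted(ppp))))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=": ")
```

If, as is usual for native L2TP/IPsec clients authenticating with a pre-shared key, sessions are matched to DefaultRAGroup, the `local-only` finding on that group is the one that decides where users are authenticated.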