Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
679
Views
0
Helpful
2
Replies

L2TP over IPSec, ASA 8.0

isk-admin
Level 1
Level 1

‎04-21-2008 05:40 AM - edited ‎02-21-2020 01:59 AM

We use CISCO VPN Client for RA. Now, a special application have to work with L2TP over IPSec. First I configure as shown in http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807213a7.shtml#win and after with VPN Wizzard. Both times I cannot connect but don t know why. Phase 1 is established and an error occured while Phase 2:

PIX|ASA-6-713177

PIX|ASA-3-713902

I tested behind and in front of an nat-device with same error. client-identity is configured for ip-address. Whats going wrong?

Is it possible to configure an ACL for port 1701? I read something like that in earlier postings but cannot believe it.

Regards

Helmut

0 Helpful
2 Replies 2

vkapoor5
Level 5
Level 5

‎04-25-2008 08:12 AM

If the user is an L2TP client that uses Microsoft CHAP version 1 or version 2, and the security appliance is configured - to authenticate against the local database, you must include the mschap keyword. For example, username password mschap.

Note tunnel-group must be the DefaultRAGroup name.

0 Helpful

bitrob2000
Level 1
Level 1
In response to vkapoor5

‎09-30-2009 09:37 AM

My question is why does

DefaultRAGroup

have to be used and not another name

such as for example RemoteRA

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card