remote access IPSec VPN

Anukalp S · ‎07-21-2014

Hi..

I have been running IPSec RA VPN on ASA at my one location, i have recently setup a new location with new another ASA configured with IPSec RA VPN. I have configured same VPN group name on this new ASA.

I have been seeing a strange behaviour which is that when i create a vpn account on this new ASA and try connect to VPN it does not connect and when i create same vpn account on old ASA too, RA VPN starts connecting.

I have configured split tunnel on both ASA and both ASA are configured to assign ip to vpn user of different segment(like ASA-A : 10.110.50-90/24, ASA-B : 10.115.40.60/24).

i dont know why this is this issue, is this because of same group policy name or VPN group name.

Pls help me.

Julio Carvajal · ‎07-21-2014

Hello,

No, it should not as both sites have different public IP addresses and the PCF file on the VPN client will be different.

There got to be a config issue.

Regards

jcarvaja
CCIE R&S 42930, 2-CCNP,JNCIS-SEC
Looking for a quick remote support session? Contact us at inetworks.cr

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

turbo_engine26 · ‎07-28-2014

Hi,

Please enable couple of debuggings in the second (new ASA) RA connection:

debug crypto isakmp

debug crypto ipsec

Then, try to initiate the connection from the vpn client and paste the results here.

AM

nkarthikeyan · ‎07-28-2014

Hi Anukalp,

Could you please provide the required configurations of VPN part for both the sites?

while doing modifications with the same configurations, you could have missed a simple thing?

Regards

Karthik