cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1152
Views
5
Helpful
23
Replies
Highlighted
Beginner

Re: ASA RA VPN

Thanks for all of your help.

I needed the route inside 172.20.5.0 255.255.255.0 192.168.1.x 255.255.255.0 command.

Evertything appears to be working correctly now.

Highlighted
Advocate

Re: ASA RA VPN

Good deal, glad it worked out. Thanks for the rating.

Highlighted
Beginner

Re: ASA RA VPN

Ran into another problem this morning. I've tested everything on my end and it works great. Client has a new web server that we are supposed to RDP into once connected to VPN and set up. From my office logged in with our account, I can RDP to the server fine. From a different office, my web developer tries to log in and gets connected fine but can't RDP into the server. Any ideas why it would work from here but not from there?

Thanks!

Highlighted
Advocate

Re: ASA RA VPN

Check the firewall config for...

crypto isakmp nat-traversal

and add it if it is missing.

View solution in original post

Highlighted
Beginner

Re: ASA RA VPN

It wasn't in there. I added it and it worked. Can you tell me exactly what that command does?

Thanks again for all your help!

Highlighted
Advocate

Re: ASA RA VPN

It enables nat-traversal which allow you to have ipsec esp packets encapsulated in udp. To put it simply, if a vpn client is behind a pat/nat device, ipsec and pat are incompatible, therefore nat-t must be enabled and used. It runs over udp port 4500.

Highlighted
Beginner

Re: ASA RA VPN

I am in a middle of setting up an ipsec-vpn with ikev2. but my tunnel-group ipsec attributes will not accept

ikev2 command. Please refer to output below:

 

ata-FW(config)# tunnel-group RAVPN ipsec-attributes
Data-FW(config-tunnel-ipsec)# ?

tunnel-group configuration commands:
authorization-required Require users to authorize successfully in order to
connect (DEPRECATED)
chain Enable sending certificate chain
exit Exit from tunnel-group IPSec attribute configuration
mode
help Help for tunnel group configuration commands
ikev1 Configure IKEv1
isakmp Configure ISAKMP policy
no Remove an attribute value pair
peer-id-validate Validate identity of the peer using the peer's
certificate
radius-with-expiry Enable negotiation of password update during RADIUS
authentication (DEPRECATED)
Data-FW(config-tunnel-ipsec)#

Everyone's tags (3)
Highlighted
Hall of Fame Guru

Re: ASA RA VPN

Please start a new thread rather than add on to this 10 year old solved one.

Beginner

Re: ASA RA VPN

ok. Thanks.
CreatePlease to create content
Content for Community-Ad
FusionCharts will render here