error 412 - just configured remote vpn through Wizard

the_tester
Level 1
Hi,

I did this configuration a lot of times, and it is the only thing that I have never had a problem with.

So I need people to connect through the Cisco VPN client using an ASA. I went through the wizard, configured everything etc.

When you connect with the client, the ASA does not respond (you see a request on port 500 coming through, but nothing else). Debug isakmp and ipsec show no output at all (term mon enabled).

Following conf (the group is called "remotevpn"). Any thoughts?

cheers

hostname myhosntame

domain-name myomdain

enable password whatever

names

!

interface Ethernet0/0

description outside

speed 100

duplex full

nameif outside

security-level 0

ip address 1.1.1.1 255.255.255.248

!

interface Ethernet0/1

description inside

speed 100

duplex full

nameif ibc

security-level 100

ip address 2.2.2.2 255.255.255.248

!

interface Ethernet0/2

shutdown

no nameif

no security-level

no ip address

!

interface Ethernet0/3

speed 100

duplex full

nameif dmz

security-level 50

ip address 3.3.3.3 255.255.255.0

!

interface Management0/0

nameif management

security-level 100

ip address 192.168.1.1 255.255.255.0

management-only

!

ftp mode passive

clock timezone west

clock summer-time west recurring 1 Sun Oct 2:00 1 Sun Apr 2:00

dns server-group DefaultDNS

name-server 3.3.3.3

domain-name mydomain

same-security-traffic permit inter-interface

same-security-traffic permit intra-interface

access-list NO-NAT extended permit ip 10.0.0.0 255.255.255.0 3.3.3.0.0 255.255.255.0

access-list NO-NAT extended permit ip 10.0.0.0 255.255.0.0 10.0.0.0 255.255.0.0

access-list NO-NAT extended permit ip 10.6.0.0 255.255.0.0 10.0.0.0 255.255.0.0

access-list NO-NAT extended permit ip 10.0.0.0 255.255.0.0 10.6.0.0 255.255.0.0

access-list NO-NAT extended permit ip any 10.7.1.0 255.255.255.0

access-list NAT extended permit ip 10.0.0.0 255.255.0.0 any

access-list NAT extended permit ip 10.6.0.0 255.255.0.0 any

access-list NAT extended permit ip host 10.203.99.18 any

access-list OUTSIDE-IN extended permit ip 203.16.214.0 255.255.255.0 any

access-list OUTSIDE-IN extended permit icmp any any time-exceeded

access-list OUTSIDE-IN extended permit icmp any any echo-reply

access-list OUTSIDE-IN extended permit tcp any host 1.1.1.41 eq 3101

access-list OUTSIDE-IN extended permit tcp any host 1.1.1.41 eq 8000 inactive

access-list OUTSIDE-IN extended permit tcp any host 1.1.1.42 eq www

access-list OUTSIDE-IN extended permit tcp any host 1.1.1.42 eq smtp

access-list OUTSIDE-IN extended permit tcp any host 1.1.1.42 eq https            

access-list OUTSIDE-IN extended permit tcp any host 1.1.1.43 eq www

access-list OUTSIDE-IN extended permit tcp any host 1.1.1.43 eq smtp

access-list OUTSIDE-IN extended permit tcp any host 1.1.1.43 eq https

access-list OUTSIDE-IN extended deny ip any host 1.1.1.42

access-list OUTSIDE-IN extended deny ip any host 1.1.1.43

access-list SPLIT-TUN standard permit iphonevpn 255.255.255.0

access-list DMZ-ACL extended permit tcp host 3.3.3.0.200 any eq 2389

access-list DMZ-ACL extended permit tcp host 3.3.3.0.200 any eq 5043

access-list DMZ-ACL extended permit udp host 3.3.3.0.200 any eq 5043

access-list DMZ-ACL extended permit icmp host 3.3.3.0.200 any

access-list DMZ-NAT extended permit ip 3.3.3.0.0 255.255.255.0 any

access-list NoNAT-ACL extended permit ip 10.0.0.0 255.0.0.0 10.0.0.0 255.0.0.0

access-list DMZ-IN extended permit icmp 3.3.3.0.0 255.255.255.0 10.0.0.0 255.255.255.0

access-list DMZ-IN extended permit tcp 3.3.3.0.0 255.255.255.0 10.0.0.0 255.255.255.0 eq 3389

access-list DMZ-IN extended permit tcp 3.3.3.0.0 255.255.255.0 10.0.0.0 255.255.255.0 eq 5043

access-list DMZ-IN extended permit udp 3.3.3.0.0 255.255.255.0 10.0.0.0 255.255.255.0 eq 5043

pager lines 24

logging enable

logging timestamp

logging buffer-size 65536

logging buffered debugging

logging asdm informational

mtu outside 1500

mtu ibc 1500

mtu management 1500

mtu dmz 1500

ip local pool anyconnect-ipsec 10.7.1.10-10.7.1.240 mask 255.255.255.0

icmp unreachable rate-limit 1 burst-size 1

no asdm history enable

arp timeout 14400

global (outside) 1 interface

nat (ibc) 0 access-list NO-NAT

nat (ibc) 1 access-list NAT

nat (dmz) 0 access-list NoNAT-ACL

nat (dmz) 1 access-list DMZ-NAT

static (ibc,outside) tcp interface 3101 10.0.1.11 3101 netmask 255.255.255.255

static (ibc,outside) 1.1.1.42 10.0.0.10 netmask 255.255.255.255

static (ibc,outside) 1.1.1.43 10.0.1.10 netmask 255.255.255.255

access-group OUTSIDE-IN in interface outside

access-group DMZ-IN in interface dmz

!

router eigrp 100

no auto-summary

passive-interface default

no passive-interface ibc

redistribute static

!

route outside 0.0.0.0 0.0.0.0 1.1.1.46 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

timeout floating-conn 0:00:00

dynamic-access-policy-record DfltAccessPolicy

aaa-server localusers protocol tacacs+

aaa-server localusers (ibc) host 10.193.0.1

key *****

aaa-server RADIUS protocol radius

aaa-server RADIUS (ibc) host 10.0.0.10

key *****

aaa authentication enable console LOCAL

aaa authentication ssh console LOCAL

http server enable

snmp-server host ibc 10.193.0.1 community *****

no snmp-server location

no snmp-server contact

snmp-server community *****

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec transform-set IphoneVpn esp-3des esp-md5-hmac

crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac

crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac

crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac

crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac

crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac

crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac

crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac

crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac

crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

crypto dynamic-map outside_dyn_map 10 set pfs group1

crypto dynamic-map outside_dyn_map 10 set transform-set IphoneVpn

crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5 IphoneVpn

crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map

crypto map ibc_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP

crypto map ibc_map interface ibc

crypto map remotevpn 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP

crypto map remotevpn interface outside

crypto ca trustpoint ASDM_TrustPoint3

enrollment terminal

crl configure

crypto ca trustpoint LOCAL-CA-SERVER

keypair LOCAL-CA-SERVER

crl configure

crypto ca trustpoint ASDM_TrustPoint5

enrollment self

keypair ASDM_TrustPoint4

crl configure

crypto ca trustpoint ASDM_TrustPoint0

enrollment terminal

crl configure

crypto ca trustpoint ASDM_TrustPoint6

enrollment terminal

no client-types

crl configure

crypto ca trustpoint ASDM_TrustPoint1

crl configure

crypto ca trustpoint ASDM_TrustPoint2

enrollment self

subject-name CN=myrhost-asa

keypair iphone11

crl configure

crypto ca server

shutdown

cdp-url http://myrhost-ASA.myrhost.com.au/+CSCOCA+/asa_ca.crl

issuer-name CN=myrhost-ASA.myrhost.com.au

smtp from-address CertRequest@myrhost-ASA.myrhost.priv

crypto ca certificate map iphone 10

subject-name attr cn eq administrator

crypto ca certificate chain ASDM_TrustPoint3

certificate ca 54234ae5087e3b854276c16a33e062d8

  quit

crypto ca certificate chain LOCAL-CA-SERVER

certificate ca 01

  quit

crypto ca certificate chain ASDM_TrustPoint5

certificate f84bff6f69cca7944fc2e7dc5075fbc8

  quit

crypto ca certificate chain ASDM_TrustPoint0

certificate ca 7373176e1f46

  quit

crypto ca certificate chain ASDM_TrustPoint6

certificate ca 7373176e1f46

  quit

crypto ca certificate chain ASDM_TrustPoint2

certificate 340a6e50

  quit

crypto isakmp enable outside

crypto isakmp enable ibc

crypto isakmp policy 10

authentication pre-share

encryption 3des

hash sha

group 2

lifetime 86400

crypto isakmp policy 65535

authentication rsa-sig

encryption 3des

hash md5

group 2

lifetime 86400

crypto isakmp nat-traversal 21

no vpn-addr-assign aaa

no vpn-addr-assign dhcp

vpn-addr-assign local reuse-delay 20

vpn-sessiondb max-session-limit 10

telnet timeout 5

ssh 1.1.1.4 255.255.255.252 outside

ssh 3.3.3.3 255.255.255.255 ibc

ssh timeout 60

console timeout 0

threat-detection basic-threat

threat-detection statistics access-list

no threat-detection statistics tcp-intercept

ntp server 10.193.0.1 source ibc

ntp server 192.231.203.132 source outside

ssl trust-point ASDM_TrustPoint5 outside

ssl certificate-authentication interface outside port 443

webvpn

enable outside

svc image disk0:/anyconnect-win-2.5.2014-k9.pkg 1

svc enable

tunnel-group-list enable

group-policy DfltGrpPolicy attributes

dns-server value 10.0.0.10

vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn

default-domain value myrhost.priv

group-policy iphonevpnpolicy internal

group-policy iphonevpnpolicy attributes

banner value myrhost VPN

wins-server none

dns-server value 10.0.0.10

vpn-simultaneous-logins 40

vpn-idle-timeout 30

vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn

split-tunnel-policy tunnelspecified

split-tunnel-network-list value SPLIT-TUN

default-domain value myrhost.priv

address-pools value iphonevpnpool

group-policy remotevpn internal

group-policy remotevpn attributes

dns-server value 10.0.0.10

vpn-tunnel-protocol IPSec svc

default-domain value myrhost.priv

vpn-group-policy remotevpn

vpn-group-policy iphonevpnpolicy

vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn

group-lock value DefaultRAGroup

service-type remote-access

tunnel-group DefaultRAGroup general-attributes

address-pool iphonevpnpool

tunnel-group DefaultRAGroup webvpn-attributes

authentication certificate

tunnel-group DefaultRAGroup ipsec-attributes

pre-shared-key *****

trust-point ASDM_TrustPoint0

tunnel-group DefaultWEBVPNGroup general-attributes

address-pool iphonevpnpool

tunnel-group DefaultWEBVPNGroup webvpn-attributes

authentication certificate

tunnel-group remotevpn type remote-access

tunnel-group remotevpn general-attributes

address-pool anyconnect-ipsec

default-group-policy remotevpn

tunnel-group remotevpn ipsec-attributes

pre-shared-key *****

!

class-map inspection_default

match default-inspection-traffic

!

!

policy-map type inspect dns preset_dns_map

parameters

  message-length maximum client auto

  message-length maximum 512

policy-map global_policy

class inspection_default

  inspect dns preset_dns_map

  inspect ftp

  inspect h323 h225

  inspect h323 ras

  inspect rsh

  inspect rtsp

  inspect esmtp

  inspect sqlnet

  inspect skinny 

  inspect sunrpc

  inspect xdmcp

  inspect sip 

  inspect netbios

  inspect tftp

  inspect ip-options

!

service-policy global_policy global

smtp-server 3.3.3.3

prompt hostname context

no call-home reporting anonymous

Cryptochecksum:fd53ae4ccc0e63ae30352bb1ddb64879

: end

9 Replies

Hi,

Please add the following command:

crypto map outside_map interface outside

That should do it.

Portu.

Please rate any helpful posts

Actually I just noticed that you have any crypto maps, which one are you using?

Thanks.

Thanks for your help, but unfortunately it didn't work, still the same behaviour.

cheers

the groupvpn is called remotevpn

Are you trying to connect to the IP address of the outside interface?

Thanks.

yeap, thanks!

anyone any clues?

thanks

crypto dynamic-map outside_dyn_map 10 set pfs group1
crypto dynamic-map outside_dyn_map 10 set transform-set IphoneVpn
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5 IphoneVpn
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map ibc_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map ibc_map interface ibc
crypto map remotevpn 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map remotevpn interface outside

Too many: ibc_map, outside_map, remotevpn. It will not work. Try to redo it with just one.

thanks for your help Eli.

That configuration has been created by ASDM, but the more I'm using these devices, the more I think it is better to stay away from the actual GUI.

Cheers, I'll let you know how I go.
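
An added example, not part of any reply in the thread and not Cisco tooling: a small Python audit of the crypto map lines discussed above, reporting which crypto map is applied to each interface and which crypto maps or dynamic-maps are defined but never applied. It assumes an ASA interface holds one crypto map at a time (a later `crypto map ... interface` line replaces an earlier one); the function name and the trimmed sample configuration are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the crypto map lines quoted in the thread (transform-set
# list shortened) plus the two "crypto isakmp enable" lines from the posted config.
SAMPLE_CONFIG = """\
crypto dynamic-map outside_dyn_map 10 set pfs group1
crypto dynamic-map outside_dyn_map 10 set transform-set IphoneVpn
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map ibc_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map ibc_map interface ibc
crypto map remotevpn 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map remotevpn interface outside
crypto isakmp enable outside
crypto isakmp enable ibc
"""

DYN_RE = re.compile(r"^crypto dynamic-map (\S+) (\d+) set ")
ENTRY_RE = re.compile(r"^crypto map (\S+) (\d+) ipsec-isakmp dynamic (\S+)")
BIND_RE = re.compile(r"^crypto map (\S+) interface (\S+)")
ISAKMP_RE = re.compile(r"^crypto isakmp enable (\S+)")


def audit_crypto_maps(config_text):
    """Inventory crypto maps in an ASA 8.x-style config (hypothetical helper).

    Returns {"bound": {interface: crypto map}, "findings": [str, ...]}.
    Assumption: one crypto map per interface, last binding line wins.
    """
    dyn_defined = set()
    entries = defaultdict(list)  # crypto map name -> [(seq, dynamic-map name)]
    bound = {}                   # interface -> crypto map currently applied
    displaced = []               # (interface, replaced map, replacing map)
    isakmp_ifaces = []

    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("<---"):  # skip blanks and pager markers
            continue
        if m := DYN_RE.match(line):
            dyn_defined.add(m.group(1))
        elif m := ENTRY_RE.match(line):
            entries[m.group(1)].append((int(m.group(2)), m.group(3)))
        elif m := BIND_RE.match(line):
            name, iface = m.groups()
            if iface in bound and bound[iface] != name:
                displaced.append((iface, bound[iface], name))
            bound[iface] = name
        elif m := ISAKMP_RE.match(line):
            isakmp_ifaces.append(m.group(1))

    findings = []
    bound_maps = set(bound.values())
    for name in sorted(entries):
        if name not in bound_maps:
            findings.append(f"crypto map {name} is not applied to any interface")
        for seq, dyn in entries[name]:
            if dyn not in dyn_defined:
                findings.append(
                    f"crypto map {name} {seq} references undefined dynamic-map {dyn}")
    # Dynamic-maps only matter if an applied crypto map points at them.
    reachable = {dyn for name in bound_maps for _, dyn in entries.get(name, [])}
    for dyn in sorted(dyn_defined - reachable):
        findings.append(
            f"dynamic-map {dyn} is not reachable from any applied crypto map")
    for iface, old, new in displaced:
        findings.append(f"interface {iface}: crypto map {new} replaces {old}")
    for iface in isakmp_ifaces:
        if iface not in bound:
            findings.append(
                f"ISAKMP enabled on {iface} but no crypto map applied there")
    return {"bound": bound, "findings": findings}


if __name__ == "__main__":
    report = audit_crypto_maps(SAMPLE_CONFIG)
    for iface, name in report["bound"].items():
        print(f"{iface}: {name}")
    for finding in report["findings"]:
        print("finding:", finding)
```
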
