ASA5505 Remote Access VPN

jbrunsting
Level 1

I have an ASA5505. For some reason, I can't get remote access VPN to work! I keep getting an error with reason 412 on my Cisco VPN client. Everything *seems* to be right, but then again, I'm using the ASDM to work on this and it wasn't exactly helpful with the access-lists. Can someone take a look and tell me if this config looks right to you? Right now, I'm just trying to get a connection to establish. THEN I'll worry about split-tunneling and access to resources, etc. I already have a pair of site-to-site VPN tunnels running and working perfectly. It's the remote access that's giving me headaches. Thanks.

2 Replies

jbrunsting
Level 1

Okay, I realized a few stupid things I was doing in the client side. Please ignore a lot of this. However, I've now progressed to the point where it's saying "Negotiating security policies..." and then bombs out with "Reason 433: (Reason Not Specified by Peer)"

rsherman
Level 1

Command line all the way!

access-list nonat extended permit ip 10.0.2.0 255.255.255.0 10.0.3.0 255.255.255.0

access-list splittunnel extended permit ip 10.0.2.0 255.255.255.0 10.0.3.0 255.255.255.0

ip local pool Remote_Users 10.3.0.1-10.3.0.254

nat (inside) 0 access-list nonat

group-policy Remote_Users internal

group-policy Remote_Users attributes

dns-server value 10.0.2.252 66.151.0.25

wins-server value 10.0.2.252

vpn-idle-timeout 20

split-tunnel-policy tunnelspecified

split-tunnel-network-list value splittunnel

username admin password usKBR9pR4f8aT7eY encrypted privilege 15

crypto ipsec transform-set Remote_Users esp-3des esp-md5-hmac

crypto dynamic-map dyn1 1 set transform-set Remote_Users

crypto map mymap 2 ipsec-isakmp dynamic dyn1

crypto map mymap interface outside

crypto isakmp enable outside

crypto isakmp policy 1

authentication pre-share

encryption 3des

hash md5

group 2

lifetime 86400

crypto isakmp nat-traversal 20

tunnel-group Remote_Users type ipsec-ra

tunnel-group Remote_Users general-attributes

address-pool Remote_Users

default-group-policy Remote_Users

tunnel-group Remote_Users ipsec-attributes

pre-shared-key *
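
A consistency check for a configuration like the one in the reply above, as an added example that is not part of the original thread: it parses ASA-style lines and reports any client address pool that is undefined or that falls outside every NAT-exempt ACL destination. The function names and the `SAMPLE` excerpt are constructed for illustration, and the parser assumes the `nat (interface) 0 access-list` form used in the reply.

```python
import ipaddress

# Constructed sample: the address-related lines of the reply's configuration.
SAMPLE = """\
access-list nonat extended permit ip 10.0.2.0 255.255.255.0 10.0.3.0 255.255.255.0
ip local pool Remote_Users 10.3.0.1-10.3.0.254
nat (inside) 0 access-list nonat
tunnel-group Remote_Users general-attributes
 address-pool Remote_Users
"""

def parse(config):
    """Return ACL destination networks, pool ranges, NAT-exempt ACL names, pools in use."""
    acls, pools, nat0, used = {}, {}, [], []
    for line in config.splitlines():
        t = line.split()
        if len(t) == 9 and t[0] == "access-list" and t[2:5] == ["extended", "permit", "ip"]:
            dst = ipaddress.ip_network(f"{t[7]}/{t[8]}", strict=False)
            acls.setdefault(t[1], []).append(dst)
        elif len(t) >= 5 and t[:3] == ["ip", "local", "pool"]:
            first, _, last = t[4].partition("-")
            pools[t[3]] = (ipaddress.ip_address(first), ipaddress.ip_address(last or first))
        elif len(t) == 5 and t[0] == "nat" and t[2:4] == ["0", "access-list"]:
            nat0.append(t[4])
        elif len(t) == 2 and t[0] == "address-pool":
            used.append(t[1])
    return acls, pools, nat0, used

def check(config):
    """List pools that are undefined or not covered by any NAT-exempt ACL destination."""
    acls, pools, nat0, used = parse(config)
    findings = [f"nat 0 references undefined access-list {a}" for a in nat0 if a not in acls]
    exempt = [net for a in nat0 for net in acls.get(a, [])]
    for name in used:
        if name not in pools:
            findings.append(f"address-pool {name} has no 'ip local pool' definition")
            continue
        first, last = pools[name]
        if not any(first in net and last in net for net in exempt):
            findings.append(f"pool {name} ({first}-{last}) is outside every NAT-exempt destination")
    return findings

if __name__ == "__main__":
    for finding in check(SAMPLE):
        print(finding)
```

On the sample, the check reports that the pool range 10.3.0.1-10.3.0.254 is not inside the ACL destination 10.0.3.0/24.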