06-06-2012 10:03 AM
I have recently configured our ASA 5510 to support L2TP remote access connections, however the connections seem to fail after Phase 1.
the basic error from the isakmp debugging is:
Jun 06 11:03:25 [IKEv1]: Group = DefaultRAGroup, IP = 166.248.0.43, QM FSM error (P2 struct &0xad6eab50, mess id 0xa3b43504)!
Jun 06 11:03:25 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 166.248.0.43, IKE QM Responder FSM error history (struct &0xad6eab50) <state>, <event>: QM_DONE, EV_ERROR-->QM_WAIT_MSG3, EV_RESEND_MSG-->QM_WAIT_MSG3, NullEvent-->QM_SND_MSG2, EV_SND_MSG-->QM_SND_MSG2, EV_START_TMR-->QM_SND_MSG2, EV_RESEND_MSG-->QM_WAIT_MSG3, EV_RESEND_MSG-->QM_WAIT_MSG3, NullEvent
Jun 06 11:03:25 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 166.248.0.43, IKE Deleting SA: Remote Proxy 10.190.146.32, Local Proxy My.Outside.IP.Here
Jun 06 11:03:25 [IKEv1]: Group = DefaultRAGroup, IP = 166.248.0.43, Removing peer from correlator table failed, no match!
Jun 06 11:03:25 [IKEv1]: Group = DefaultRAGroup, IP = 166.248.0.43, Session is being torn down. Reason: Lost Service
I used this guide: http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/l2tp_ips.html
I've tried to fix this problem using: http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml
I've attached the full captured debug from asa side during a connection attempt with my phone.
I've also attached the pertinant running-config pieces from my asa.
Please help me! I don't know what else to try.
06-06-2012 08:14 PM
Under "tunnel-group DefaultRAGroup ppp-attributes", please enable PAP and MSCHAPv1:
authentication pap
authentication ms-chap-v1
From the debug output, it seems that IPSec is up, however, L2TP is failing.
06-07-2012 08:24 AM
I've added authentication pap, authentication ms-chap-v1 and authentication chap however I get identical results. Any other thoughts?
06-10-2012 11:16 AM
Any other thoughts? I've tested from my phone (android) and from my home pc (windows 7) and both timeout on the client side.
06-13-2012 08:29 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide