Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
632
Views
0
Helpful
1
Replies

Consolidated instructions needed on how to setup L2TP on ASA 5505 and Windows 7 client

rossbradenclarus
Level 1
Level 1

‎06-14-2011 05:25 PM

First, forgive me for being frustrated but I've been banging my head against this for a very long time and have made virtually no progress.

There is so much mis-information on the Internet and Cisco's own support site has bits and pieces everywhere (I've found at least 5 support pages in Cisco that address this subject), none work or are directly targeted at what I would consider is a major use case for this product. I can see from the many posts everywhere that getting L2TP/IPSEC to work is a major problem, requiring many configuration steps that all have to be perfect and there seems to be some trick to get it to work that most people struggle with. Most of the advice out there is impertinent and highly technical but doesn't work.

I would like to know if there is any consolidated instructions that WORK to create a VPN server on the 5505 using the ASDM and also how to set your Windows 7 (or 2008) client to work with it.

Like I've said, I've spent hours and hours on this and have yet to get anything to work.

I have a brand new 5505 connected directly to DSL (static IP) that I ran the wizard on and followed the best advice I could find (by the way there's TONS of information on getting XP to work but afaik, this does NOT work for windows 7). Now that I've tried various things without success, I believe I've gotten it so fouled up I need to reset to factory defaults and start over.

I also have another brand new 5505 connected to a different DSL line.   Behind that firewall, I have both windows 7 clients and windows 2008 server.  I've tried lots of different things to get these to work including the registry hacks (which, if indeed is required, I seriously can't believe that Cisco hasn't given us a tool for).

I have tried to use the ASDM to do all my programming as I find the CLI to be extremely error prone and virtually incomprehensible.

So, what the world needs is one place that gives all the instructions on what to do, step-by-step that really work for this simple use case of windows connecting to the ASA.

This is my first time posting so please forgive my frustrations and I am grateful in advance for any help you can offer.

Labels:
0 Helpful
1 Reply 1

Marcin Latosiewicz
Cisco Employee
Cisco Employee

‎06-15-2011 09:14 AM

Hi,

Long story short:

- Use configuration guide

- Things not always depend on Cisco (we've had cases generated by Microsoft's patches changing something and affecting L2TP o IPsec).

- Windows 7 and Vista do not support MD5 by default - you will see lots of config examples with MD5.

- Make sure you're using transport mode.

- Run latest code revision avialble (for known bugs)

If all things fail open up a TAC case.

There is not a step-by-step guide that we update with every release and patch from microsoft.

If you're frustrated already, save yourself some time, open up a TAC case. They folks there can very often tell you what is what which will save your time.

And Hey, if it works for you you can post it as a document on the forums for everyone else :-)

Marcin

0 Helpful
Customers Also Viewed These Support Documents