cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
3166
Views
0
Helpful
9
Replies
rmujeeb81
Beginner

L2TP/IPSec Error 720

Dear All,

I am trying to establish L2TP/IPSec VPN using ASA 8.4(2) and Windows 7 (64-bit) but getting error 720 while trying to connect from windows 7 pc.

Kindly find the attached configuration and error snap shot.

9 REPLIES 9
rmujeeb81
Beginner

Dear All,

Kindly advice, what could be the root cause ?

Thanks for your support.

czaja0000
Beginner

Hi,

1. ASAs configuration looks correct, but I don't understand why you use a DHCP server if you indicate VPN pool.

tunnel-group DefaultRAGroup general-attributes

address-pool VPN

default-group-policy DefaultRAGroup

dhcp-server 10.10.1.6

2. Verify that the addresses of VPN pool don't overlap with the local address of your computer.

3. Maybe the cause is in the Windows 7. Check it out.

Rebuild the TCP/IP stack by opening an command prompt and entering the following command:

netsh int ip reset >> ResetIP.log

Next restart the computer and try again establish L2TP connectin.

________________

Best regards,
MB

________________ Best regards, MB

Hi ,

Yes dhcp was unnecessary and there is no overlap between VPN pool and local network.

I tried point # 3 as well but no luck , same error is appearing.

Regards,

MS

Usually debugging is used in these kind of situations.

Do the

debug crypto ikev1

debug crypto ipsec

and see what's happenning when you're trying to establish connection.

Plus, though it's not critical, I wouldn't rely on the default tunnel-group/group-policy configurations. It's allwas better to create some new, and tune them.

Shaoqin Li
Participant

get debug or set buffer log to debug and past the log here. 720 looks like a phase 1 policy mismatch.

Sent from Cisco Technical Support iPhone App

Hi Shaogin,

Kindly find the attached output of 'debug crypto ikev1' and nothing is coming against 'debug crypto ipsec'.

Regards,

Mujeeb

In the debug provided, username test is used for connection.

The only username that may be used, having what's in your running config, is l2tp:

username l2tp password 31XddrF4FUa04JqfYDr2Jw== nt-encrypted

So, check again what username/password is used for the connection, and change it to l2tp/password-for-l2tp-user

Hi Andrew,

The problem was due to "no vpn-addr-assign local" command which was mistakenly part of the configuration.

Regards,

Mujeeb

Ok, good to know.

Content for Community-Ad