07-01-2013 09:46 PM - edited 02-21-2020 06:59 PM
Dear All,
I am trying to establish an L2TP/IPSec VPN using ASA 8.4(2) and Windows 7 (64-bit), but I am getting error 720 while trying to connect from the Windows 7 PC.
Kindly find the attached configuration and error snapshot.
07-02-2013 11:52 AM
Dear All,
Kindly advise: what could be the root cause?
Thanks for your support.
07-02-2013 04:38 PM
Hi,
1. The ASA's configuration looks correct, but I don't understand why you use a DHCP server if you indicate a VPN pool.
tunnel-group DefaultRAGroup general-attributes
 address-pool VPN
 default-group-policy DefaultRAGroup
 dhcp-server 10.10.1.6
2. Verify that the addresses of the VPN pool don't overlap with the local address of your computer.
3. Maybe the cause is in Windows 7. Check it out.
Rebuild the TCP/IP stack by opening a command prompt and entering the following command:
netsh int ip reset >> ResetIP.log
Next, restart the computer and try again to establish the L2TP connection.
________________
Best regards,
MB
07-03-2013 01:07 AM
Hi,
Yes, DHCP was unnecessary, and there is no overlap between the VPN pool and the local network.
I tried point #3 as well but no luck; the same error is appearing.
Regards,
MS
07-03-2013 04:07 AM
Usually debugging is used in these kinds of situations.
Do the
debug crypto ikev1
debug crypto ipsec
and see what's happening when you're trying to establish the connection.
Plus, though it's not critical, I wouldn't rely on the default tunnel-group/group-policy configurations. It's always better to create some new ones and tune them.
07-03-2013 09:41 AM
Get debug or set buffer log to debug and paste the log here. 720 looks like a phase 1 policy mismatch.
07-03-2013 10:28 AM
07-03-2013 10:34 PM
In the debug provided, username test is used for connection.
The only username that may be used, given what's in your running config, is l2tp:
username l2tp password 31XddrF4FUa04JqfYDr2Jw== nt-encrypted
So, check again what username/password is used for the connection, and change it to l2tp/password-for-l2tp-user.
07-04-2013 11:34 AM
Hi Andrew,
The problem was due to the "no vpn-addr-assign local" command, which was mistakenly part of the configuration.
Regards,
Mujeeb
07-04-2013 10:11 PM
Ok, good to know.
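An added example, not part of the original thread and not Cisco code: a small Python check that scans a saved ASA running config for the three points raised in the replies above ("no vpn-addr-assign local" present while a tunnel group uses an address pool, a dhcp-server configured next to a pool, and a login name that is not a local username). The sample config, the function names parse_asa and lint, and the <redacted> password value are constructed for illustration.

```python
import re

# Constructed sample, modelled on the config fragments quoted in the thread.
SAMPLE_CONFIG = """\
no vpn-addr-assign local
username l2tp password <redacted> nt-encrypted
tunnel-group DefaultRAGroup general-attributes
 address-pool VPN
 default-group-policy DefaultRAGroup
 dhcp-server 10.10.1.6
"""

def parse_asa(config):
    """Collect the settings the thread's diagnosis depends on."""
    state = {"local_assign": True, "users": set(), "groups": {}}
    group = None
    for raw in config.splitlines():
        line = raw.strip()
        # Assumption: sub-mode commands are indented, as in 'show running-config'.
        if not raw.startswith(" "):
            group = None
        if line == "no vpn-addr-assign local":
            state["local_assign"] = False
        elif m := re.match(r"username (\S+) password ", line):
            state["users"].add(m.group(1))
        elif m := re.match(r"tunnel-group (\S+) general-attributes$", line):
            group = state["groups"].setdefault(m.group(1), {"pools": [], "dhcp": []})
        elif group is not None and (m := re.match(r"address-pool (.+)", line)):
            group["pools"] += m.group(1).split()
        elif group is not None and (m := re.match(r"dhcp-server (\S+)", line)):
            group["dhcp"].append(m.group(1))
    return state

def lint(config, login_user=None):
    """Return findings for the misconfigurations discussed in the thread."""
    s = parse_asa(config)
    findings = []
    for name, g in s["groups"].items():
        if g["pools"] and not s["local_assign"]:
            findings.append(f"{name}: address-pool set, but 'no vpn-addr-assign local' is present")
        if g["pools"] and g["dhcp"]:
            findings.append(f"{name}: both address-pool and dhcp-server are configured")
    if login_user is not None and login_user not in s["users"]:
        findings.append(f"username '{login_user}' is not defined in the local user database")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE_CONFIG, login_user="test"):
        print(finding)
```

Run against the constructed sample with login_user="test", it reports all three findings; with the two lines removed and the l2tp user it reports none.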