03-06-2017 12:07 AM
I have an ASA 5540 with 9.0.3 code. I've recently configured Windows VPN with L2TP/IPSEC and it works perfectly fine.
I use local database for user creation & do not use any network based authentication.
The issue is the 1st user I created (joseph) works fine and can log in to VPN.
The second user I created (pranav) can log in to the firewall via SSH with his credentials but cannot log in to VPN, and Windows says invalid credentials.
I tried taking crypto isakmp debugs but could not get anything. Syslog only shows connection tear-down.
Config is attached for reference.
Any help is appreciated.
03-06-2017 02:22 AM
Try adding:
username pranav attributes
vpn-group-policy DefaultRAGroup
03-06-2017 03:09 AM
I followed the below doc for config
http://www.cisco.com/c/en/us/support/docs/ip/layer-two-tunnel-protocol-l2tp/200340-Configure-L2TP-Over-IPsec-Between-Window.html
This document does not mention adding a VPN group policy. However, I've tried adding a group policy to the username as well.
It does not work with or without group-policy.
NOTE: This setup works perfectly fine if I use Cisco VPN client for IPSEC connectivity. Only Windows VPN does not work over L2TP/IPSEC.
03-07-2017 12:55 AM
Any more solutions to this?