cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
205
Views
0
Helpful
3
Replies

Local Database Credentials Rejected for Windows VPN

sabyasachi161
Beginner
Beginner

I have an ASA 5540 with 9.0.3 code. I've recently configured Windows VPN with L2TP/IPSEC and it works perfectly fine.

I use local database for user creation & do not use any network based authentication.

The issue is the 1st user i created (joseph) works fine and can login to VPN.

The second user the created (pranav) can login to firewall via ssh with his credentials but cannot login to VPN and windows says invalid credentials.

I tried taking crypto isakmp debugs but could not got anything. Syslog only shows connection tear-down.

Config is attached for reference. 

Any help is appreciated.

3 Replies 3

Philip D'Ath
Advisor
Advisor

Try adding:

username pranav attributes
 vpn-group-policy DefaultRAGroup

I followed the below doc for config

http://www.cisco.com/c/en/us/support/docs/ip/layer-two-tunnel-protocol-l2tp/200340-Configure-L2TP-Over-IPsec-Between-Window.html

This document does not mention. to add VPN group policy. However i've tried adding group policy to username as well.

It does not work with or without group-policy.

NOTE: This setup works perfectly fine if i use Cisco VPN client for IPSEC connectivity. Only Windows VPN does not work over L2TP/IPSEC.

Any more solution to this ??

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers