Maybe im having a blonde moment, Im trying to configure remore access VPN. Its in a test environment.
on the user end in the VPN profile username is jamesprofile password is james host 18.104.22.168
trying to connect it brings the box up put in the details it trys to connect for about 5 seconds the fails. Please could you help.
Config is attached.
James, just to be sure I understood, you go to your VPN client, click on connect on your connection entry and you are being prompted for username and password right?
Then you enter your user/pass and that's when it fails?
Could you enable some debugs on the ASA to see why it fails?
debug crypto isa 15
debug crypto ipsec 15
Then try to connect a few times. Post the debugs here.
Looking quickly to your configuration, I see the interface is not allowed for VPN.
I would think the firewall doesn't prompt for any username if not enabled, but I remember when configuring Remote Access VPN, I was needed to configure this :
ciscoasa (config)# webvpn
ciscoasa (config)# enable outside
By the way, which VPN client do you use ? Cisco VPN client ?
I went back to your config and noticed two things:
1. Your ACL for split tunneling is extended and it must be standard. Change it to this:
access-list vpnsplit standard permit 10.10.254.0 255.255.255.0
2. You dont have a dynamic crypto map. You need this for the VPN clients to work:
crypto dynamic-map Outside_dyn_map 10 set transform-set vpntrans
crypto map vpnmap 65535 ipsec-isakmp dynamic Outside_dyn_map
Make these changes and let me know how it goes.
BTW the webvpn enable outside is not required on this case since you are using the IPSec client.