09-02-2011 01:40 AM - edited 02-21-2020 05:33 PM
Hi All
Maybe im having a blonde moment, Im trying to configure remore access VPN. Its in a test environment.
on the user end in the VPN profile username is jamesprofile password is james host 2.2.2.2
trying to connect it brings the box up put in the details it trys to connect for about 5 seconds the fails. Please could you help.
Config is attached.
Thank you
09-02-2011 07:59 AM
James, just to be sure I understood, you go to your VPN client, click on connect on your connection entry and you are being prompted for username and password right?
Then you enter your user/pass and that's when it fails?
Thx.
Raga
09-08-2011 08:20 AM
yes I put the username and password in. and the connecting bar goes up.
tries a couple of times then fails to connect
09-08-2011 08:25 AM
Could you enable some debugs on the ASA to see why it fails?
debug crypto isa 15
debug crypto ipsec 15
Then try to connect a few times. Post the debugs here.
Thanks.
09-08-2011 09:36 AM
hi James
Looking quickly to your configuration, I see the interface is not allowed for VPN.
I would think the firewall doesn't prompt for any username if not enabled, but I remember when configuring Remote Access VPN, I was needed to configure this :
ciscoasa (config)# webvpn
ciscoasa (config)# enable outside
By the way, which VPN client do you use ? Cisco VPN client ?
09-08-2011 02:05 PM
James,
I went back to your config and noticed two things:
1. Your ACL for split tunneling is extended and it must be standard. Change it to this:
access-list vpnsplit standard permit 10.10.254.0 255.255.255.0
2. You dont have a dynamic crypto map. You need this for the VPN clients to work:
crypto dynamic-map Outside_dyn_map 10 set transform-set vpntrans
crypto map vpnmap 65535 ipsec-isakmp dynamic Outside_dyn_map
Make these changes and let me know how it goes.
BTW the webvpn enable outside is not required on this case since you are using the IPSec client.
Thanks,
Raga
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide