
Remote access vpn issue asa

James Simpson
Level 1

Hi All

Maybe I'm having a blonde moment. I'm trying to configure remote access VPN. It's in a test environment.

On the user end, in the VPN profile, username is jamesprofile, password is james, host 2.2.2.2.

When trying to connect, it brings the box up, I put in the details, it tries to connect for about 5 seconds, then fails. Please could you help.

Config is attached.

Thank you

5 Replies

raga.fusionet
Level 4

James, just to be sure I understood, you go to your VPN client, click on connect on your connection entry and you are being prompted for username and password right?

Then you enter your user/pass and that's when it fails?

Thx.

Raga

Yes, I put the username and password in, and the connecting bar goes up.

It tries a couple of times, then fails to connect.

Could you enable some debugs on the ASA to see why it fails?

    debug crypto isa 15
    debug crypto ipsec 15

Then try to connect a few times. Post the debugs here.

Thanks.

g.fabre
Level 1

Hi James,

Looking quickly at your configuration, I see the interface is not allowed for VPN.

I would think the firewall doesn't prompt for any username if not enabled, but I remember when configuring Remote Access VPN, I needed to configure this:

    ciscoasa(config)# webvpn
    ciscoasa(config-webvpn)# enable outside

By the way, which VPN client do you use? Cisco VPN client?

James,

I went back to your config and noticed two things:

1. Your ACL for split tunneling is extended and it must be standard. Change it to this:

    access-list vpnsplit standard permit 10.10.254.0 255.255.255.0

2. You don't have a dynamic crypto map. You need this for the VPN clients to work:

    crypto dynamic-map Outside_dyn_map 10 set transform-set vpntrans
    crypto map vpnmap 65535 ipsec-isakmp dynamic Outside_dyn_map

Make these changes and let me know how it goes.

BTW the webvpn enable outside is not required in this case since you are using the IPSec client.

Thanks,

Raga
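
The two points raised in the last reply can be checked mechanically against a saved running-config before a remote access VPN change goes live. The following is an added example, not part of the original thread: the sample config is constructed (the poster's attachment is not on the page), the group-policy name `vpnpolicy` is hypothetical, and the check also accepts the `set ikev1 transform-set` form.

```python
import re

# Constructed sample (not the poster's attached config); ACL, transform-set and
# crypto map names are taken from the thread, "vpnpolicy" is hypothetical.
SAMPLE_CONFIG = """\
access-list vpnsplit extended permit ip 10.10.254.0 255.255.255.0 any
crypto ipsec transform-set vpntrans esp-3des esp-sha-hmac
crypto map vpnmap interface outside
crypto isakmp enable outside
group-policy vpnpolicy attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value vpnsplit
"""

def _matches(pattern, lines):
    """Return the regex match objects for every line that matches pattern."""
    return [m for ln in lines if (m := re.match(pattern, ln))]

def check_ra_vpn(config):
    """Return findings for the two points raised in the reply."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    findings = []

    # Point 1: ACLs referenced as split-tunnel network lists should be standard.
    for acl in sorted({m[1] for m in _matches(r"split-tunnel-network-list value (\S+)$", lines)}):
        kinds = {m[1] for m in _matches(rf"access-list {re.escape(acl)} (standard|extended)\b", lines)}
        if not kinds:
            findings.append(f"split-tunnel ACL {acl} is not defined")
        elif "extended" in kinds:
            findings.append(f"split-tunnel ACL {acl} has extended entries")

    # Point 2: a crypto map bound to an interface needs a dynamic entry that
    # points at a dynamic-map carrying a transform set.
    dyn_ok = {m[1] for m in _matches(r"crypto dynamic-map (\S+) \d+ set (?:ikev1 )?transform-set \S+", lines)}
    dyn_refs = {}
    for m in _matches(r"crypto map (\S+) \d+ ipsec-isakmp dynamic (\S+)$", lines):
        dyn_refs.setdefault(m[1], set()).add(m[2])
    for m in _matches(r"crypto map (\S+) interface (\S+)$", lines):
        refs = dyn_refs.get(m[1], set())
        if not refs:
            findings.append(f"crypto map {m[1]} on {m[2]} has no dynamic entry")
        for name in sorted(refs - dyn_ok):
            findings.append(f"dynamic-map {name} has no transform set")
    return findings

if __name__ == "__main__":
    for finding in check_ra_vpn(SAMPLE_CONFIG):
        print(finding)
```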