cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
615
Views
0
Helpful
5
Replies
James Simpson
Beginner

Remote access vpn issue asa

Hi All

Maybe im having a blonde moment, Im trying to configure remore access VPN. Its in a test environment.

on the user end in the VPN profile username is jamesprofile password is james host 2.2.2.2

trying to connect it brings the box up put in the details it trys to connect for about 5 seconds the fails. Please could you help.

Config is attached.

Thank you

5 REPLIES 5
raga.fusionet
Enthusiast

James, just to be sure I understood, you go to your VPN client, click on connect on your connection entry and you are being prompted for username and password right?

Then you enter your user/pass and that's when it fails?

Thx.

Raga

yes I put the username and password in. and the connecting bar goes up.

tries a couple of times then fails to connect

Could you enable some debugs on the ASA to see why it fails?

debug crypto isa 15

debug crypto ipsec 15

Then try to connect a few times. Post the debugs here.

Thanks.

g.fabre
Beginner

hi James

Looking quickly to your configuration, I see the interface is not allowed for VPN.

I would think the firewall doesn't prompt for any username if not enabled, but I remember when configuring Remote Access VPN, I was needed to configure this :

    ciscoasa (config)# webvpn

    ciscoasa (config)# enable outside

By the way, which VPN client do you use ? Cisco VPN client ?

James,

I went back to your config and noticed two things:

1. Your ACL for split tunneling is extended and it must be standard. Change it to this:

access-list vpnsplit standard permit 10.10.254.0 255.255.255.0

2. You dont have a dynamic crypto map. You need this for the VPN clients to work:

crypto dynamic-map Outside_dyn_map 10 set transform-set vpntrans

crypto map vpnmap 65535 ipsec-isakmp dynamic Outside_dyn_map

Make these changes and let me know how it goes.

BTW the webvpn enable outside is not required on this case since you are using the IPSec client.

Thanks,

Raga

Create
Recognize Your Peers
Content for Community-Ad