01-24-2006 05:50 PM - edited 02-21-2020 02:13 PM
I have a problem with ASA5500 remote access VPN. After I finished the VPN wizard and VPN client setup, I can't establish the VPN tunnel. Who can help me solve this problem? Thanks.
01-30-2006 11:52 AM
Verify that the Internet Security Association and Key Management Protocol (ISAKMP) port -- User Datagram Protocol (UDP) 500 -- is not blocked by an ACL, and verify that routing to the workstation from the VPN Concentrator is correct.
If you are using IP Security (IPSec) over UDP or IPSec over Transport Control Protocol (TCP), make sure those settings have been turned on for both the Client and Concentrator.
You can configure the Concentrator to use IPSec over UDP and IPSec over TCP at the same time. The VPN Client can use either one, but only one at a time. It must manually select which one it is going to use.
To configure IPSec over TCP, select Configuration > System > Tunneling Protocols > IPSec > NAT Transparency. Make sure that the IPSec over TCP option is checked.
To configure IPSec over UDP, select Configuration > User Management > Groups > Group Name > Client Config. Make sure that the IPSec over UDP option is checked.
http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_tech_note09186a00800946af.shtml
01-30-2006 02:26 PM
The no-nat ACL is missing. It is required since the current config has "nat (inside) 11 0.0.0.0 0.0.0.0.0".
e.g.
access-list no_nat permit ip 192.168.1.0 255.255.255.0 192.168.10.0 255.255.255.0
nat (inside) 0 access-list no_nat
Further, apply the commands "isakmp identity address" and "isakmp nat-traversal 20".
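An added example (not part of the reply above, and not Cisco tooling): a small Python check that looks in a saved configuration for the three items this reply names, the NAT exemption, `isakmp identity address` and `isakmp nat-traversal`. The sample configurations are constructed, and `audit` and its messages are hypothetical names.

```python
import re

# Constructed sample (not the poster's config): dynamic NAT on inside, no exemption.
SAMPLE_BEFORE = """\
nat (inside) 1 0.0.0.0 0.0.0.0
"""

# The same config after adding the lines given in the reply.
SAMPLE_AFTER = SAMPLE_BEFORE + """\
access-list no_nat permit ip 192.168.1.0 255.255.255.0 192.168.10.0 255.255.255.0
nat (inside) 0 access-list no_nat
isakmp identity address
isakmp nat-traversal 20
"""

NAT_RE = re.compile(r"^nat \((\S+)\) (\d+) (.+)$")
ACL_RE = re.compile(r"^access-list (\S+) permit ip (\S+) (\S+) (\S+) (\S+)$")

def audit(config: str) -> list[str]:
    """Return findings for the settings the reply says are required."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    acls = {}            # ACL name -> list of (src, mask, dst, mask)
    dynamic_nat = set()  # interfaces that translate traffic (nat id > 0)
    exempt = {}          # interface -> ACL name used by "nat (if) 0"
    for line in lines:
        if m := ACL_RE.match(line):
            acls.setdefault(m[1], []).append(m.groups()[1:])
        elif m := NAT_RE.match(line):
            iface, nat_id, rest = m.groups()
            if nat_id == "0" and rest.startswith("access-list "):
                exempt[iface] = rest.split()[1]
            elif nat_id != "0":
                dynamic_nat.add(iface)
    findings = []
    for iface in sorted(dynamic_nat):
        acl = exempt.get(iface)
        if acl is None:
            findings.append(f"{iface}: dynamic NAT but no 'nat ({iface}) 0 access-list' exemption")
        elif acl not in acls:
            # Edge case: exemption present but the ACL it names was never defined.
            findings.append(f"{iface}: nat 0 references undefined ACL '{acl}'")
    if "isakmp identity address" not in lines:
        findings.append("missing 'isakmp identity address'")
    if not any(re.fullmatch(r"isakmp nat-traversal \d+", l) for l in lines):
        findings.append("missing 'isakmp nat-traversal <keepalive>'")
    return findings
```
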
01-30-2006 06:47 PM
Thanks for your help.
02-03-2006 04:19 PM
Just wondering how you go. Has the issue been resolved?