
Setting-up VPN access for Microsoft Clients

starkhorn
Level 1

Hi,

I'm setting up IPsec remote VPN access and I'm following the below guide.

http://www.cisco.com/en/US/docs/security/asa/asa80/getting_started/asa5505/quick/guide/rem_acc.html

The only difference is that instead of ticking Cisco VPN client, I select the Microsoft Windows Client using chap, chap-v1 and chap-v2.

I configure a VPN client connection on Windows XP with a public static IP address. All traffic to this static IP address is forwarded to my outside interface on the ASA.

However all VPN connections are denied with a "UDP inbound connection denied" on port 500.

The specified IP address in the log message is the public static IP that I've specified in my VPN client.

So I added the below to allow access on this port.

access-list outside_access_in extended permit udp any host xxx.xxx.xxx.xxx eq isakmp

(xxx.xxx.xxx.xxx) is the public IP.

However I still get a denied connection message via the explicit denied all rule on the outside interface. Packet-trace gives the same result.

Any ideas or useful guides on how to set up IPsec remote VPN access via a Cisco ASA for Microsoft VPN clients?

Cheers

Starkhorn

1 Reply

amritpatek
Level 6

Check and enable sysopt connection permit-vpn. You may be hitting Cisco bug CSCsh24110. In such a case, upgrade the ASA's software.