10-22-2015 08:27 AM
Hi all
I have an ASA5508-x firewall on my perimeter. I want to connect to it from the internet using the VPN Client for admin purposes. I've got it configured and it asks for and accepts my password, but I get the error:
Group = VPN_CLIENT_ADMIN, Username = user.name, IP = X.X.X.X, Rejecting IPSec tunnel: no matching crypto map entry for remote proxy 10.1.60.1/255.255.255.255/0/0 local proxy 0.0.0.0/0.0.0.0/0/0 on interface EXT_PUB_INT
My config is
ip local pool VPN_CLIENT_ADMIN 10.1.60.1-10.1.60.50 mask 255.255.255.0
object-group network VPN_CLIENTS
 description IP Range assigned to VPN Clients
 network-object 10.1.60.0 255.255.255.0
object-group network IND_LAN
 description Internal LAN
 network-object 192.168.1.0 255.255.255.0
access-list VPN_CLIENT_ADMIN extended permit ip object-group VPN_CLIENTS object-group IND_LAN
nat (inside,EXT_PUB_INT) after-auto source static IND_LAN IND_LAN destination static VPN_CLIENTS VPN_CLIENTS no-proxy-arp
group-policy VPN_CLIENT_ADMIN internal
group-policy VPN_CLIENT_ADMIN attributes
 banner value Use of this connection is restricted to authorised users only.
 banner value Unauthorised or inappropriate use is prohibited and may be subject to administrative, criminal,
 banner value or civil penalties. This connection is monitored and logged.
 vpn-access-hours none
 vpn-simultaneous-logins 5
 vpn-idle-timeout 30
 vpn-session-timeout 180
 vpn-filter value VPN_CLIENT_ADMIN
 vpn-tunnel-protocol ikev1
 address-pools value VPN_CLIENT_ADMIN
tunnel-group VPN_CLIENT_ADMIN type remote-access
tunnel-group VPN_CLIENT_ADMIN general-attributes
 address-pool VPN_CLIENT_ADMIN
 authentication-server-group (EXT_PUB_INT) LOCAL
 default-group-policy VPN_CLIENT_ADMIN
tunnel-group VPN_CLIENT_ADMIN ipsec-attributes
 ikev1 pre-shared-key *****
I am running
Cisco Adaptive Security Appliance Software Version 9.5(1)
Device Manager Version 7.5(1)
Any ideas why it may be failing?
Thanks
10-24-2015 07:32 PM
Hi,
Please share the output of sh run crypto map.
It seems that we don't have a dynamic map configured, hence we are unable to connect.
Thanks
Shakti
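The error in the question is logged during IPsec Phase 2, after authentication has succeeded, which is why the password is accepted before the tunnel is rejected. The following is an added example, not part of the original posts: a minimal dynamic crypto map for IKEv1 remote access of the kind the reply refers to, assuming `sh run crypto map` shows no dynamic entry on EXT_PUB_INT. The names RA_TSET, RA_DYN and EXT_MAP, the sequence number 65535 and the AES-256/SHA-1 transform set are assumptions to be matched to what the client supports.

```cisco
! Added example (not from the original thread). Assumed names: RA_TSET, RA_DYN, EXT_MAP.
! EXT_PUB_INT is the outside interface named in the error message.

! Phase 2 proposal offered to remote-access clients (assumed algorithms).
crypto ipsec ikev1 transform-set RA_TSET esp-aes-256 esp-sha-hmac

! Dynamic map: matches peers whose address and proxy identities are not
! known in advance, such as a client assigned 10.1.60.1/32 from the pool.
crypto dynamic-map RA_DYN 65535 set ikev1 transform-set RA_TSET

! Reference the dynamic map from a static crypto map. Use the highest
! sequence number so that any site-to-site entries are evaluated first.
! If a crypto map is already applied to EXT_PUB_INT, add this entry to
! that existing map instead: an interface accepts only one crypto map.
crypto map EXT_MAP 65535 ipsec-isakmp dynamic RA_DYN
crypto map EXT_MAP interface EXT_PUB_INT

! Verification after a client connects:
!   show run crypto map       (the dynamic entry and interface binding appear)
!   show crypto ipsec sa      (an SA for the client's pool address is listed)
```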