08-06-2015 04:33 PM
I have an ASA that works just fine with Windows 7/8/8.1 and the Cisco IPSEC client. Have a Windows 10 machine and the Cisco client does not install. Using Shrew Soft client to connect to many other ASAs without an issue, but this one gives me fits. Authentication is fine, but as soon as any traffic (even a ping) goes to the ASA the connection is dropped. I looked at the config on the ASA, and it looks a little convoluted. Can someone help me clean this up? Changed a few names to protect the innocent.
Just a snip from the VPN part of things...
crypto ipsec ikev1 transform-set AES256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev2 ipsec-proposal AES256
 protocol esp encryption aes-256
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
 protocol esp encryption aes-192
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
 protocol esp encryption aes
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
 protocol esp encryption 3des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal DES
 protocol esp encryption des
 protocol esp integrity sha-1 md5
crypto dynamic-map MAP 100 set ikev1 transform-set AES256-SHA
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map2 1 match address outside_cryptomap
crypto map outside_map2 1 set peer OTHER_ASA_IP
crypto map outside_map2 1 set ikev2 ipsec-proposal AES256
crypto map outside_map2 2 match address outside_cryptomap_1
crypto map outside_map2 2 set pfs
crypto map outside_map2 2 set peer OTHER_ASA_IP
crypto map outside_map2 2 set ikev2 ipsec-proposal AES256
crypto map outside_map2 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map2 interface outside
crypto map wlguest_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map wlguest_map interface wlguest
crypto isakmp identity address
crypto ikev2 policy 1
 encryption aes-256
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 enable outside
crypto ikev1 enable outside
crypto ikev1 enable wlguest
crypto ikev1 policy 100
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
telnet timeout 15
ssh scopy enable
ssh 10.0.0.0 255.0.0.0 inside
ssh timeout 15
ssh version 2
ssh key-exchange group dh-group1-sha1
console timeout 15
webvpn
group-policy VPN-Policy internal
group-policy VPN-Policy attributes
 dns-server value 10.0.0.35
 vpn-tunnel-protocol ikev1 l2tp-ipsec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value split_tunnel_vpn
 default-domain value domain.local
group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes
 vpn-tunnel-protocol ikev2
group-policy GroupPolicy_Other_site_ASA internal
group-policy GroupPolicy_Other_site_ASA attributes
 vpn-tunnel-protocol ikev2
tunnel-group firestone type ipsec-l2l
tunnel-group firestone ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group insync type remote-access
tunnel-group insync general-attributes
 address-pool ip-pool-firestone_vpn
 authentication-server-group radius LOCAL
 default-group-policy VPN-Policy
tunnel-group insync ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group Marketing type remote-access
tunnel-group Marketing general-attributes
 address-pool ip-pool-firestone_vpn
 authentication-server-group radius LOCAL
 default-group-policy VPN-Policy
tunnel-group Marketing ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group OTHER_ASA_IP type ipsec-l2l
tunnel-group OTHER_ASA_IP general-attributes
 default-group-policy GroupPolicy_Other_site_ASA
tunnel-group OTHER_ASA_IP ipsec-attributes
 ikev2 remote-authentication pre-shared-key *****
 ikev2 local-authentication pre-shared-key *****
tunnel-group Engineering type remote-access
tunnel-group Engineering general-attributes
 address-pool ip-pool-firestone_vpn
 authentication-server-group radius LOCAL
 default-group-policy VPN-Policy
tunnel-group Engineering ipsec-attributes
 ikev1 pre-shared-key *****
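An added example, not part of the original post: one way to start the requested clean-up is to audit the IKEv1 transform-sets for duplicate definitions, legacy algorithms, sets no map references, and dynamic maps never bound to a crypto map. The `audit` function, the `WEAK` list and the trimmed `SAMPLE` are assumptions of this example; it reports on the visible lines only and does not diagnose the dropped connection.

```python
import re
from collections import defaultdict

# Constructed sample: a trimmed subset of the ikev1 lines posted above.
SAMPLE = """\
crypto ipsec ikev1 transform-set AES256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto dynamic-map MAP 100 set ikev1 transform-set AES256-SHA
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-3DES-SHA ESP-DES-MD5
crypto map outside_map2 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
"""

# Assumption: this example's own list of legacy ESP algorithms to flag.
WEAK = {"esp-des", "esp-3des", "esp-md5-hmac"}

DEFINE = re.compile(r"^crypto ipsec ikev1 transform-set (\S+) (.+)$")
USE = re.compile(r"^crypto (dynamic-map|map) (\S+) \d+ set ikev1 transform-set (.+)$")
ATTACH = re.compile(r"^crypto map \S+ \d+ ipsec-isakmp dynamic (\S+)$")

def audit(config):
    """Summarise ikev1 transform-set hygiene for an ASA config snippet."""
    sets, used_by, attached = {}, defaultdict(set), set()
    for line in map(str.strip, config.splitlines()):
        if m := DEFINE.match(line):
            algos = tuple(m[2].split())
            if algos[0] != "mode":          # skip "... mode transport" lines
                sets[m[1]] = algos
        elif m := USE.match(line):
            for name in m[3].split():
                used_by[name].add((m[1], m[2]))
        elif m := ATTACH.match(line):
            attached.add(m[1])
    by_algos = defaultdict(list)
    for name, algos in sets.items():
        by_algos[algos].append(name)
    dynamic = {n for refs in used_by.values() for k, n in refs if k == "dynamic-map"}
    return {
        # different names, identical encryption/integrity pair
        "duplicates": sorted(sorted(n) for n in by_algos.values() if len(n) > 1),
        "weak": sorted(n for n, a in sets.items() if WEAK & set(a)),
        "unreferenced": sorted(n for n in sets if n not in used_by),
        # dynamic maps that no "crypto map ... ipsec-isakmp dynamic" entry binds
        "unattached_dynamic_maps": sorted(dynamic - attached),
    }
```
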