Cisco VPN :: L2TP On ASA 5505 Just Doesn't Work?
Nov 20, 2011
Cisco ASA 5505 ver 8.4. Most things work but now I want to setup a vpn connection..I have done this 2 ways, first by using the "VPN Wizard" in ASDM and then 5 hours later removing everything and configuring from cli. And it just doesn't work, client (WinXP & Win7) gets "error 792" and sometimes "error 789" (both indicating problem with phase 1, I'm pretty sure of that) Googling on those gives a few suggestions none works. All I get in the log on Cisco is the "Error processing payload: Payload ID: 1" Google on that only comes up with a few pages telling me this message is caused by an error. (Yeah, I could never have guessed...) For the cli config, I followed this tutorial carefully (3 times actually...) url...I'm using PSK for IPSec, entered same on Cisco and client - checked several times, this is not a password/PSK issue. Ports opened on Cisco: 500, 1701, 4500 (For a try I opened all ports, no change.) And here's the "show run". [code]
View 2 Replies
ADVERTISEMENT
Dec 21, 2010
I'm trying to setup a L2TP VPN Connection on my ASA 5510 to connect with Android/Windows (Native Clients).I'm using the newest Releases:Cisco Adaptive Security Appliance Software Version 8.3(2) Device Manager Version 6.3(5)
My asa config just the interesting part:
crypto ipsec transform-set trans esp-3des esp-sha-hmac crypto ipsec transform-set trans mode transportcrypto ipsec security-association lifetime seconds 28800crypto ipsec security-association lifetime kilobytes 4608000crypto dynamic-map dyno 10 set transform-set transcrypto map vpn 20 ipsec-isakmp dynamic dynocrypto map vpn interface outsidecrypto isakmp enable outsidecrypto isakmp policy 10 authentication pre-share encryption 3des hash sha group 2 lifetime 86400no crypto isakmp nat-traversal
[code]....
If i try to connect with a Windows 7 Client (NOT behind NAT) I get the Error 691.
I see that Phase 1/2 are working with debug:
Dec 22 16:32:16 [IKEv1]: Group = DefaultRAGroup, IP = XXXXXX, PHASE 1 COMPLETED
Dec 22 16:51:25 [IKEv1]: Group = DefaultRAGroup, IP = XXXXXX, PHASE 2 COMPLETED (msgid=00000001)
Then I see this "Error":
Dec 22 16:51:26 [IKEv1]: Group = DefaultRAGroup, IP = XXXXX, Session is being torn down. Reason: L2TP initiated
I don't understand why it doens't work....I tried many templates from the net but nothings works.
View 5 Replies
View Related
Jun 3, 2013
A couple of weeks ago, one of our ASA 5505s failed, and Cisco TAC shipped out a replacement. I was on vacation, and my assistant worked with TAC to get our backed-up configuration restored to the new hardware. This backup was just a copy & paste of the "show start," rather than an export done from ASDM. Anyway, since I got back on vacation I was able to iron out all the wrinkles from the configuration restore, except one. The remote access VPN isn't quite working. This VPN is only used in emergencies, when I can't access that branch office's network via our WAN.
What's happening is that clients are getting "authentication failed" messages when connecting. On Windows, it's an error 691. The VPN is set to authentication against RADIUS (Microsoft IAS server). The IAS server reports that the connection and authentication is successful. AAA RADIUS authentication tests on the ASA succeed, as do authentication & authorization LDAP tests. Basically, everything was working fine before we swapped in the new hardware, and I've gone over the configuration with a fine-toothed comb to ensure nothing's changed -- but clearly, I'm missing something. The new ASA is otherwise operating perfectly.
View 3 Replies
View Related
Jan 25, 2011
We have ASA 5520 running 8.2(3) software and we're trying to make Remote Access VPN (l2tp/ipsec) working from Android. We succeeded in making IPSEC tunnel (ending "Phase 2 completed"), but we cannot make L2TP tunnel working.We're using RADIUS for L2TP authentication, but ASA doesn't even try to check credentials entered by use. The same set of credentials entered on Windows {XP, VISTA, 7, Mobile} works ok. Which debugging options should we turned on?
View 3 Replies
View Related
Jun 13, 2011
There is so much mis-information on the Internet and Cisco's own support site has bits and pieces everywhere (I've found at least 5 support pages in Cisco that address this subject), none work or are directly targeted at what I would consider is a major use case for this product. I can see from the many posts everywhere that getting L2TP/IPSEC to work is a major problem, requiring many configuration steps that all have to be perfect and there seems to be some trick to get it to work that most people struggle with. Most of the advice out there is impertinent and highly technical but doesn't work.
I would like to know if there is any consolidated instructions that WORK to create a VPN server on the 5505 using the ASDM and also how to set your Windows 7 (or 2008) client to work with it.
Like I've said, I've spent hours and hours on this and have yet to get anything to work. I have a brand new 5505 connected directly to DSL (static IP) that I ran the wizard on and followed the best advice I could find (by the way there's TONS of information on getting XP to work but afaik, this does NOT work for windows 7). Now that I've tried various things without success, I believe I've gotten it so fouled up I need to reset to factory defaults and start over.
I also have another brand new 5505 connected to a different DSL line. Behind that firewall, I have both windows 7 clients and windows 2008 server. I've tried lots of different things to get these to work including the registry hacks (which, if indeed is required, I seriously can't believe that Cisco hasn't given us a tool for).
I have tried to use the ASDM to do all my programming as I find the CLI to be extremely error prone and virtually incomprehensible.So, what the world needs is one place that gives all the instructions on what to do, step-by-step that really work for this simple use case of windows connecting to the ASA.
View 1 Replies
View Related
Jul 6, 2011
I have configure L2TP vpn using ASDM and now i am not able to connect my Cisco ASA 5505. it's showing error message 3Jul 07 201118:57:38IP = *.*.*.*, Error processing payload: Payload ID: 1
View 1 Replies
View Related
Jul 17, 2011
I have a Cisco ASA 5505 Firewall. I am using windows VPN. I have configure IPSEC/L2TP Vpn. And now i hv some problem..
1) VPN is connected but I notices that VPN client connection gets in "HANG" mode after couple of minutes.
2) I am getting error when i try to connect my SQL Server (windows 2008) [code]
View 2 Replies
View Related
May 2, 2011
I’m configuring a L2TP IPSEC VPN on a 5505 asa so that windows 7 clients can natively connect. It connects correctly during Phase 1 and 2, but I can’t ping anything or access resources on the internal network. This is my first time working with an ASA.
Master# sh run
: Saved
:
ASA Version 8.2(2)
!
hostname Master
domain-name service.local
[code]....
View 2 Replies
View Related
Jan 11, 2011
I have an problem with VPN connection on notebooks. Sometimes the VPN connection works perfectly, and other times it just doesn't work at all.The Cisco VPN client software is version 5.0.04.0300. Operating system is Windows XP Prof SP2.When the connection fails, the client statistics window shows "Bytes Received: 0".Rebooting the system, has no effect
View 1 Replies
View Related
Jan 27, 2011
Normally, when one right clicks on a drive letter having opened 'My computer', then select 'Sharing' there is a warning about sharing a whole disk and the option to accept anyway.One laptop doesn't offer that. It just shows the admin share of C$ immediately. If I choose 'New' at the bottom of the panel a new drive letter and drive name can be entered but it can never be accessed over the network! It shows up in the workgroup but I get a network error 'Network path not found' if I try to access it. I can ping the laptop from anywhere by name and IP address.The laptop can access all the other PCs without any problem.
View 12 Replies
View Related
May 21, 2013
my LMS 4.2, syslog collector on LMS doesnt working even service syslog collector running normaly and also i saw in syslog_info is working to collect syslog from all router but not show up in dashboard monitoring.I have setting on every router to logging (ip address LMS) but on LMS no any syslog from router can collect.i did a selftest from LMS there are all PASS except nslookup fail, it is has relation with syslog not show up on dashboard?
View 5 Replies
View Related
Jun 29, 2012
I bought cisco AP (air-ap1142-e-k9) and we know this ap works with 802.11a/g/n same the description note on the package cartoon but my problem is when i configure that ap its work only with 802.11a/g i tries to make it works with 802.11n but fail .
View 3 Replies
View Related
Jan 26, 2011
I'm trying to configure Cisco CISCO881G-K9 3G router to connect to mobile network without success. The cellular interface gets up but it doesn't receive IP address. It seems that profile isn't activated and it should've been.
I've attached running config and some other information gathered from router.
View 7 Replies
View Related
Mar 11, 2011
So, my desktop, running windows 7, can no longer connect to the internet. It has no problem connecting to the router, but it will not receive packets. I double checked my connection using my laptop and it works with wireless and wired connections, so I know it's something with my desktop. I would really like to avoid doing a reinstall, I don't have anywhere to back my data up to.
View 5 Replies
View Related
Jan 16, 2012
Whenever my main PC is turned on, i get no signal from the wireless, like i cannot use my phone or laptop on the internet i use an Ethernet cable which is directly connected to my main PC my windows is also window XP and my modem model is TG782T only if my PC is turned off the wireless works
View 2 Replies
View Related
Aug 17, 2011
I have been having problem with my internet lately. I live in UK and there is this game that I used to play that has a region IP block so I have to use Hotspot shield to play,but now my internet doesn't connect to Hotmail or this forum unless hotspot shield is turned on. How can I fix that? I tried config/flushdns but no luck. I am using window xp.
View 1 Replies
View Related
Sep 20, 2012
We have recently switched routers and now my laptop doesn't work wirelessly; it connects to the router but there isn't an internet connection. The laptop works fine when the LAN cable is plugged in though. Our other laptop can connect to the internet with or without the LAN cable. Both are Toshibas running on Windows Vista.I have tried various approaches such as downloading the latest Atheros AR5007EG drivers but it said that they're already the most up to date. [code]
View 5 Replies
View Related
Jun 16, 2011
I purchased a used Compaq laptop with a Realtek USB wireless adapter. The laptop came with XP Pro. I connected the adapter and everything worked great. My husband got a virus I couldn't remove. I have the CD for XP Home so I did a clean install.Windows works fine. I connected the USB wireless adapter and ran the installation disk. When I open Realtek to connect nothing appears in the available networks. I checked the device mgr and it says Realtek is working. I turned off my 2Wire gateway and then reconnected it. I doubled checked that the Windows wireless utility is disabled. Still no available networks. Everything was fine before the reinstall of Windows XP Home.
View 5 Replies
View Related
Nov 5, 2012
It's a 64 bit machine, with windows 7. He fills out surveys and gets money from them, and I don't like to work on his machine because of this. But... He called, so I came over and Anyhow... I'm worried that the Ethernet has gone bad on the motherboard, but they bought a USB stick for wireless internet, and that didn't work either.I realize I have basically no worth while informationHis router works fine, if you plug in another computer it can connect to the internet, but his computer can't. Something is turned off as far as I can tell. And I can't figure out how to turn it on.
View 5 Replies
View Related
Oct 20, 2011
I have a cable that is not working on the router end or the computer end. Could I have the wrong cable? The writing on the package is: Category 5E patch cable 350 MHz UTP Standed 24AWG PVC jacket, molded boot. 50U" plugs complies with FCC part 68Cat5e patch cable, RJ45-RJ4524 AWG stranded, 568B
View 2 Replies
View Related
Jan 16, 2012
Whenever my main PC is turned on, i get no signal from the wireless, like i cannot use my phone or laptop on the interneti use an [COLOR=blue !important][COLOR=blue !important]ethernet[/COLOR][/COLOR] cable which is direclty connected to my main PCmy windows is also window XP and my modem model is TG782T
View 2 Replies
View Related
Mar 15, 2012
Would a Linksys USB300M Network Adapter allow my computer to connect to the internet via Ethernet? My computer has an Ethernet port that doesn't work. I need Ethernet connection to connect to the internet through FIOS. I currently use an USB port on my computer to connect using DSL. I want to purchase a USB-Ethernet adapter that plugs into my USB port but has an Ethernet jack at the other end: USB300M Network adapter - Hi-Speed USB
View 5 Replies
View Related
Oct 12, 2012
We recently acquired an internet connection. Connecting via LAN works fine for me but not to my room mates. We're all using Windows 7. Windows troubleshoot it and says "Local Area Connection doesn't have a valid IP configuration" on their laptops. What should we do?
View 5 Replies
View Related
May 22, 2012
The electric went off in my house about an hour ago, causing my computer to turn off as a result. Ever since, the internet on my PC has been acting up.
My internet was working perfectly before the power cut both on my laptop (my mum was using it at the time) and PC, however, while I've got no problems with the internet on the laptop, my PC keeps losing the connection to a ridiculous degree. It'll drop the connection for over a minute at a time, come back on literally long enough for me to refresh/load 1 webpage (~5 seconds), then go back off again for another minute or two.
All the lights on the router are on and I've even cross-referenced (lacking a better term...) the internet connection between my lap top and desk top and my laptop will work fine when my PC is telling me there's no connection and nothing will load on it. It seems to me that something has happened to my desktop when the power went out but I have no idea where to begin to even try to find out what's wrong.
I've tried turning off the router by both the wall and the little button on the back of it, and I've restarted my PC twice as well and still the internet doesn't work properly. My laptop picked up the connection as soon as the router came back on with no problem but my desktop struggled to find the connection and only picked it up after turning the router off twice aand restarting the computer twice as well and as I said, when it finally did find the connection it just keeps dropping it.
View 3 Replies
View Related
Dec 25, 2011
cd doesn`t work and can access web for set up
View 1 Replies
View Related
May 7, 2011
hardware version D3, FW 4.10 and 4.11 same problem.
i tried with 4 wlan adapters: two of them support 802.11b/g, they always work find no matter which settings. the other two support 802.11b/g/n, as default "n" is enabled, so does DIR-615, both wlan adapters can be connected to DIR-615, they get their LAN-IP, but they can access neither DIR-615(no respone to ping) nor internet. but if i disable "n" mode either in the adapter or in DIR-615, everythin works fine, of course only with 54mbit max.
so what can i do to use the n mode?
View 1 Replies
View Related
Apr 5, 2011
i've issue with vpn 3000. can't logon with tacacs. http and ssh doesnt work. acs server logs show that authentication was successful but no luck.
don't have access to gui as well
View 2 Replies
View Related
Nov 14, 2011
I have one outside interface with global IP address 1.1.1.1 and two inside.Both inside interfaces restrict and non_restrict have private IP addresses.I tried to filter some URLs on PIX515 IOS 7.2, only on restrict interface but my filter does not work.I can access prohibited URL from restrict interface. What's wrong in my URL filtering?
Here is my config:
PIX Version 7.2(2)
!
hostname pixfirewall
enable password 8Ry2YjIyt7RRXU24 encrypted
names
[code]....
View 1 Replies
View Related
Oct 12, 2012
I am setting up a simple remote IPsec VPN with a ASA 8.4. All I want to do is the remote user can VPN into the ASA, from there, he can browse the outside Web pages in the internet. and we'd like not to use split-tunneling. The outside infterface is 192.168.1.155/24, which is inside our network and this subnet works fine to outside. The pool for vpn is 192.168.0.0./24 (please pay attention to the 3r octet)
I configured and the remote user can vpn in and get an IP from the pool. but it seems that he cannot do anything. he cannot ping anything.I suspected the NATTing that i use. What is configured wrong? What traffic need to be natted and what need not.
======:ASA Version 8.4(2) !
!interface GigabitEthernet0description VPN interfacenameif outsidesecurity-level 0ip address 192.168.1.156 255.255.255.0 !interface GigabitEthernet1description VPN interfacenameif insidesecurity-level 100ip address 192.168.0.1 255.255.255.0
!ftp mode passiveobject network obj-192.168.0.0subnet 192.168.0.0 255.255.255.0object network obj-192.168.1.155host 192.168.1.155access-list EXTERNAL extended permit ip any any access-list EXTERNAL extended permit icmp any any access-list vpn extended permit ip 192.168.1.0 255.255.255.0 192.168.0.0 255.255.255.0 pager lines 24mtu outside 1500mtu inside 1500ip local pool testpool 192.168.0.10-192.168.0.15ip verify reverse-path interface outsideicmp unreachable rate-limit 1 burst-size 1icmp permit any outsideicmp permit any insideno asdm history enablearp timeout
[code]....
View 17 Replies
View Related
Jan 29, 2013
I have a 871W router that works fine.I have 5 static ip addres's and use 2 in a nat pool. One i have mapped staticlly here is the configuration and it works fine:
! No configuration change since last restart
version 15.1
no service pad
service tcp-keepalives-in
[Code].....
View 1 Replies
View Related
Mar 6, 2013
I´m trying to test anntenas in a AIR-CAP3062E-A-K9 the problem is that when I´m below the AP the speed is weak, the AP es with a WLC, so I was wondering if do you know a command or a form to test the anntenas or the Radio.
View 7 Replies
View Related
Jan 9, 2013
I created the configuration below to limit the bandwidth, but doesn't work
Qos - 3750
!
mls qosmls qos map policed-dscp 10 to 8!class-map match-all Testmatch access-group name ACL!policy-map QOSdescription Limit 10M set ip dscp af11 police
[Code]....
View 6 Replies
View Related
Dec 26, 2011
reset my Linksys E1000 and now I can't access wifi from my phone as neither my pw or my default ps work.
View 2 Replies
View Related
