Question : Problem: Trouble setting up CISCO ASA 5505 for VPN access

I'm trying to setup this ASA 5505 now for VPN access but I can not connect. I have been looking at other posts to get as far as I have but now I'm totally stumped.

Below are the errors from the CISCO VPN CLIENT LOG. I have tried changing the password of the user in ADSM but I still recieve this same message.

Below that is the results of the show running-config command.


Also can someone please confirm with me what ports I need to be forwarding from the modem/router to the ASA?

Thanks
Code Snippet: 
1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:
27:
28:
29:
30:
31:
32:
33:
34:
35:
36:
37:
38:
39:
40:
41:
42:
43:
44:
45:
46:
47:
48:
49:
50:
51:
52:
53:
54:
55:
56:
57:
58:
59:
60:
61:
62:
63:
64:
65:
66:
67:
68:
69:
70:
71:
72:
73:
74:
75:
76:
77:
78:
79:
80:
81:
82:
83:
84:
85:
86:
87:
88:
89:
90:
91:
92:
93:
94:
95:
96:
97:
98:
99:
100:
101:
102:
103:
104:
105:
106:
107:
108:
109:
110:
111:
112:
113:
114:
115:
116:
117:
118:
119:
120:
121:
122:
123:
124:
125:
126:
127:
128:
129:
130:
131:
132:
133:
134:
135:
136:
137:
138:
139:
140:
141:
142:
143:
144:
145:
146:
147:
148:
149:
150:
151:
152:
153:
154:
155:
156:
157:
158:
159:
160:
161:
162:
163:
164:
165:
166:
167:
168:
169:
170:
171:
172:
173:
174:
175:
176:
177:
178:
179:
180:
181:
182:
183:
184:
185:
186:
187:
188:
189:
190:
191:
192:
193:
194:
195:
196:
197:
198:
199:
200:
201:
202:
203:
204:
205:
206:
207:
208:
209:
210:
211:
212:
213:
214:
215:
216:
217:
218:
219:
220:
221:
222:
223:
224:
225:
226:
227:
228:
229:
230:
231:
232:
233:
234:
235:
236:
237:
238:
239:
240:
241:
242:
243:
244:
245:
246:
247:
248:
249:
250:
251:
252:
253:
254:
255:
256:
257:
258:
259:
260:
261:
262:
263:
264:
265:
266:
267:
268:
269:
270:
271:
272:
273:
274:
275:
276:
277:
278:
279:
280:
281:
282:
283:
284:
285:
286:
287:
288:
289:
290:
291:
292:
293:
294:
295:
296:
297:
298:
299:
300:

Cisco Systems VPN Client Version 5.0.02.0090
 
Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.
 
Client Type(s): Windows, WinNT
 
Running on: 5.1.2600 Service Pack 3
 
Config file directory: C:\Program Files\Cisco Systems\VPN Client\
 
 
 
1      16:00:20.000  01/22/09  Sev=Warning/3	IKE/0xE3000057
 
The received HASH payload cannot be verified
 
 
 
2      16:00:20.000  01/22/09  Sev=Warning/2	IKE/0xE300007E
 
Hash verification failed... may be configured with invalid group password.
 
 
 
3      16:00:20.000  01/22/09  Sev=Warning/2	IKE/0xE300009B
 
Failed to authenticate peer (Navigator:904)
 
 
 
4      16:00:20.000  01/22/09  Sev=Warning/2	IKE/0xE30000A7
 
Unexpected SW error occurred while processing Aggressive Mode negotiator:(Navigator:2238)
 
 
 
5      16:01:00.281  01/22/09  Sev=Warning/3	IKE/0xE3000057
 
The received HASH payload cannot be verified
 
 
 
6      16:01:00.281  01/22/09  Sev=Warning/2	IKE/0xE300007E
 
Hash verification failed... may be configured with invalid group password.
 
 
 
7      16:01:00.281  01/22/09  Sev=Warning/2	IKE/0xE300009B
 
Failed to authenticate peer (Navigator:904)
 
 
 
8      16:01:00.281  01/22/09  Sev=Warning/2	IKE/0xE30000A7
 
Unexpected SW error occurred while processing Aggressive Mode negotiator:(Navigator:2238)
 
 
 
9      16:06:38.921  01/22/09  Sev=Warning/3	IKE/0xE3000057
 
The received HASH payload cannot be verified
 
 
 
10     16:06:38.921  01/22/09  Sev=Warning/2	IKE/0xE300007E
 
Hash verification failed... may be configured with invalid group password.
 
 
 
11     16:06:38.921  01/22/09  Sev=Warning/2	IKE/0xE300009B
 
Failed to authenticate peer (Navigator:904)
 
 
 
12     16:06:38.921  01/22/09  Sev=Warning/2	IKE/0xE30000A7
 
Unexpected SW error occurred while processing Aggressive Mode negotiator:(Navigator:2238)
 
 
 
13     16:07:02.281  01/22/09  Sev=Warning/3	IKE/0xE3000057
 
The received HASH payload cannot be verified
 
 
 
14     16:07:02.281  01/22/09  Sev=Warning/2	IKE/0xE300007E
 
Hash verification failed... may be configured with invalid group password.
 
 
 
15     16:07:02.281  01/22/09  Sev=Warning/2	IKE/0xE300009B
 
Failed to authenticate peer (Navigator:904)
 
 
 
16     16:07:02.281  01/22/09  Sev=Warning/2	IKE/0xE30000A7
 
Unexpected SW error occurred while processing Aggressive Mode negotiator:(Navigator:2238)
 
 
-----------------------------------------
 
SHOW RUNNING-CONFIG:
 
------------------------------------------
 
: Saved
 
:
 
ASA Version 7.2(4)
 
!
 
hostname ciscoasa
 
enable password 8Ry2YjIyt7RRXU24 encrypted
 
passwd 2KFQnbNIdI.2KYOU encrypted
 
names
 
!
 
interface Vlan1
 
 nameif inside
 
 security-level 100
 
 ip address 192.168.1.1 255.255.255.0
 
!
 
interface Vlan2
 
 nameif outside
 
 security-level 0
 
 ip address dhcp setroute
 
!
 
interface Ethernet0/0
 
 switchport access vlan 2
 
!
 
interface Ethernet0/1
 
!
 
interface Ethernet0/2
 
!
 
interface Ethernet0/3
 
!
 
interface Ethernet0/4
 
!
 
interface Ethernet0/5
 
!
 
interface Ethernet0/6
 
!
 
interface Ethernet0/7
 
!
 
ftp mode passive
 
pager lines 24
 
logging asdm informational
 
mtu inside 1500
 
mtu outside 1500
 
icmp unreachable rate-limit 1 burst-size 1
 
no asdm history enable
 
arp timeout 14400
 
global (outside) 1 interface
 
nat (inside) 1 0.0.0.0 0.0.0.0
 
timeout xlate 3:00:00
 
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
 
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
 
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
 
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
 
aaa authentication ssh console LOCAL
 
http server enable
 
http 192.168.1.0 255.255.255.0 inside
 
no snmp-server location
 
no snmp-server contact
 
snmp-server enable traps snmp authentication linkup linkdown coldstart
 
telnet timeout 5
 
ssh timeout 5
 
console timeout 0
 
dhcpd dns 10.1.1.254
 
dhcpd auto_config outside
 
!
 
 
 
username admin password uoZUvuUE4W8bl0fD encrypted
 
!
 
class-map inspection_default
 
 match default-inspection-traffic
 
!
 
!
 
policy-map type inspect dns preset_dns_map
 
 parameters
 
  message-length maximum 512
 
policy-map global_policy
 
 class inspection_default
 
  inspect dns preset_dns_map
 
  inspect ftp
 
  inspect h323 h225
 
  inspect h323 ras
 
  inspect rsh
 
  inspect rtsp
 
  inspect esmtp
 
  inspect sqlnet
 
  inspect skinny
 
  inspect sunrpc
 
  inspect xdmcp
 
  inspect sip
 
  inspect netbios
 
  inspect tftp
 
!
 
service-policy global_policy global
 
prompt hostname context
 
Cryptochecksum:ef7ab209635127882d43da073f1cd17e
 
: end
Open in New Window Select All

Answer : Problem: Trouble setting up CISCO ASA 5505 for VPN access

You do not have to go bridge mode.
It simplifies troubleshooting.  I.e. if issues arise, you have to determine whether the issue is between the router and the ASA or within the ASA.  If in bridge mode, only the ASA is needed. A router infront of the ASA requires as you have setup a port forward 500 and 4500.

Curerntly, you can use static IPs if they are in the range of 192.168.1.131-192.168.1.254 because of the DHCP settings that allocate ips in the range 192.168.1.2-192.168.1.130..
If you do not need for the ASA to run as a DHCP server for the inside, disable the DHCP:
You would not need these:
dhcpd address 192.168.1.2-192.168.1.130 inside
dhcpd enable inside

Make sure that the systems where you set the static IP reference 192.168.1.1 as the default gateway which is what you have set your inside IP to be.

If you use a static IP on the outside interface instead of a DHCP assigned one, you may have to add a route  rule to your config:
route outside 0.0.0.0 0.0.0.0 <default gateway; LAN IP of the Cisco 837 or in the current form 10.1.1.254> 1
route outside 0.0.0.0 0.0.0.0 10.1.1.254 1
Random Solutions  
 
programming4us programming4us