Microsoft
Software
Hardware
Network
Question : Problem: Cisco ASA and VPN Configuration - Can't establish Connection
Ok, I'm having issues getting this VPN Connectivity up...any you pros out there want to give it a quick lookover?
When I try and connect I get, 'Cannot establish TCP Connection'
It doesn;t even look like the ASA is responding.
My client is a subnet away and can ping the device. Below is part of the config:
interface GigabitEthernet0/0
nameif External
security-level 0
ip address 68.14.18.241 255.255.255.248
!
interface GigabitEthernet0/3
nameif Internal
security-level 100
ip address 68.14.18.156 255.255.255.192
!
interface Management0/0
nameif management
security-level 100
ip address 68.14.18.121 255.255.255.128
management-only
!
boot system disk0:/asa802-k8.bin
ftp mode passive
dns domain-lookup Internal
dns server-group DefaultDNS
domain-name cshado.org
dns server-group NAP
name-server 68.14.18.8
name-server 68.14.18.9
domain-name cshado.org
access-list Admins_splitTunnelAcl standard permit any
access-list Internal_nat0_outbound extended permit ip any 68.14.18.128 255.255.255.240
access-list Internal_nat0_outbound extended permit ip any 68.14.18.160 255.255.255.240
access-list Internal_access_in extended permit ip any any
pager lines 24
mtu management 1500
mtu Internal 1500
mtu External 1500
ip local pool Admins 68.14.18.129-68.14.18.142
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-611.bin
asdm history enable
arp timeout 14400
global (External) 101 interface
nat (Internal) 0 access-list Internal_nat0_outbound
nat (Internal) 101 0.0.0.0 0.0.0.0
access-group Internal_access_in in interface Internal control-plane
route External 0.0.0.0 0.0.0.0 68.14.18.246 1
route Internal 68.14.18.192 255.255.255.240 68.14.18.158 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-reco
rd DfltAccessPolicy
aaa-server Admin protocol radius
aaa-server Client protocol radius
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
aaa authorization command LOCAL
aaa authorization exec authentication-server
http server enable
http 68.14.18.128 255.255.255.128 Internal
http 68.14.18.0 255.255.255.128 management
no snmp-server location
no snmp-server contact
snmp-server community NAP
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-DES-SHA ESP-DES-MD5
crypto map External_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map External_map interface External
crypto isakmp enable External
crypto isakmp policy 10
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
no crypto isakmp nat-traversal
telnet timeout 5
ssh timeout 5
console timeout 5
management-access management
dhcpd ping_timeout 750
!
threat-detection basic-threat
threat-detection statistics access-list
!
!
ntp server 68.14.18.249 source External prefer
group-policy Admins internal
group-policy Admins attributes
dns-server value 68.14.18.8 68.14.18.9
vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
split-tunnel-policy tunnelspecified
split-tunnel-network-list value Admins_splitTunnelAcl
default-domain value cshado.org
tunnel-group Admins type remote-access
tunnel-group Admins general-attributes
address-pool Admins
default-group-policy Admins
tunnel-group Admins ipsec-attributes
pre-shared-key *
Thanks!
Answer : Problem: Cisco ASA and VPN Configuration - Can't establish Connection
can you attach a "debug crypto isakmp 255" showing the output while you are attempting to establish a VPN connection to the firewall
Random Solutions
Problem: I want to access my files on my NAS from anywhere on my laptop.....
Problem: Upgrade Video Card - GIGABYTE K8N PRO-SLI
Problem: Help on how to upload!
Problem: "System32/DRIVERS/pci.sys"<wbr /> when I try to add RAM
Problem: Can't umount flash drive
Problem: Drivers needed for Win98 DVD player on Sony Vaio PCG9201
Problem: Getting Sound to Work via RDP to Terminal Server
Problem: jumpers to enable front panel to work with SBlaster card
Problem: Replaced Tape Drive in BUE9. Getting Event ID 33152
Problem: Soundmax and recording sound!?