Question : Problem: Cisco ASA and VPN Configuration - Can't establish Connection

Ok, I'm having issues getting this VPN connectivity up... any of you pros out there want to give it a quick look over?

When I try to connect I get 'Cannot establish TCP Connection'.

It doesn't even look like the ASA is responding.

My client is a subnet away and can ping the device.  Below is part of the config:

interface GigabitEthernet0/0
 nameif External
 security-level 0
 ip address 68.14.18.241 255.255.255.248
!
interface GigabitEthernet0/3
 nameif Internal
 security-level 100
 ip address 68.14.18.156 255.255.255.192
!
interface Management0/0
 nameif management
 security-level 100
 ip address 68.14.18.121 255.255.255.128
 management-only
!
boot system disk0:/asa802-k8.bin
ftp mode passive
dns domain-lookup Internal
dns server-group DefaultDNS
 domain-name cshado.org
dns server-group NAP
 name-server 68.14.18.8
 name-server 68.14.18.9
 domain-name cshado.org
access-list Admins_splitTunnelAcl standard permit any
access-list Internal_nat0_outbound extended permit ip any 68.14.18.128 255.255.255.240
access-list Internal_nat0_outbound extended permit ip any 68.14.18.160 255.255.255.240
access-list Internal_access_in extended permit ip any any
pager lines 24
mtu management 1500
mtu Internal 1500
mtu External 1500
ip local pool Admins 68.14.18.129-68.14.18.142
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-611.bin
asdm history enable
arp timeout 14400
global (External) 101 interface
nat (Internal) 0 access-list Internal_nat0_outbound
nat (Internal) 101 0.0.0.0 0.0.0.0
access-group Internal_access_in in interface Internal control-plane
route External 0.0.0.0 0.0.0.0 68.14.18.246 1
route Internal 68.14.18.192 255.255.255.240 68.14.18.158 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa-server Admin protocol radius
aaa-server Client protocol radius
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
aaa authorization command LOCAL
aaa authorization exec authentication-server
http server enable
http 68.14.18.128 255.255.255.128 Internal
http 68.14.18.0 255.255.255.128 management
no snmp-server location
no snmp-server contact
snmp-server community NAP
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-DES-SHA ESP-DES-MD5
crypto map External_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map External_map interface External
crypto isakmp enable External
crypto isakmp policy 10
 authentication pre-share
 encryption des
 hash sha
 group 2
 lifetime 86400
no crypto isakmp nat-traversal
telnet timeout 5
ssh timeout 5
console timeout 5
management-access management
dhcpd ping_timeout 750
!
threat-detection basic-threat
threat-detection statistics access-list
!
!
ntp server 68.14.18.249 source External prefer
group-policy Admins internal
group-policy Admins attributes
 dns-server value 68.14.18.8 68.14.18.9
 vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Admins_splitTunnelAcl
 default-domain value cshado.org
tunnel-group Admins type remote-access
tunnel-group Admins general-attributes
 address-pool Admins
 default-group-policy Admins
tunnel-group Admins ipsec-attributes
 pre-shared-key *



Thanks!

Answer : Problem: Cisco ASA and VPN Configuration - Can't establish Connection

Can you attach a "debug crypto isakmp 255" showing the output while you are attempting to establish a VPN connection to the firewall?