VPN ASA 5520 problem.
in [Cisco]
|
Prev: IP Route Tables - Point to Point Connection - Only Routing 1 way
Next: Cisco 1760 router and VPN client Connection Issues
From: Donatas Abraitis on 22 Dec 2007 12:32 Hello, has anyone worked with ASA 5500 Series device ? I have some problem. I have configured L2TP over IPSec, but i have this errors: Dec 21 14:00:48 [IKEv1]: IP = XX.XX.XX.XX, Removing peer from peer table failed, no match! Dec 21 14:00:48 [IKEv1]: IP = XX.XX.XX.XX, Error: Unable to remove PeerTblEntry My config is: ASA Version 7.2(2) ! hostname ciscoasa domain-name cisco enable password 8Ry2YjIyt7RRXU24 encrypted no names ! interface GigabitEthernet0/0 description outside nameif outside security-level 0 ip address 193.219.61.68 255.255.255.0 ! interface GigabitEthernet0/1 description inside nameif inside security-level 100 ip address 83.171.9.232 255.255.255.0 ! interface GigabitEthernet0/2 shutdown no nameif no security-level no ip address ! interface GigabitEthernet0/3 shutdown no nameif no security-level no ip address ! interface Management0/0 shutdown no nameif no security-level no ip address ! passwd 0kMQqdPs3iv5ySaU encrypted boot system disk0:/asa722-k8.bin no ftp mode passive dns server-group DefaultDNS domain-name cisco pager lines 24 logging enable logging asdm informational mtu outside 1500 mtu inside 1500 ip local pool POOL 172.16.255.100-172.16.255.110 mask 255.255.255.0 no failover asdm image disk0:/asdm-522.bin no asdm history enable arp timeout 14400 route outside 0.0.0.0 0.0.0.0 193.219.61.252 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip- disconnect 0:02:00 timeout uauth 0:05:00 absolute group-policy group internal group-policy group attributes vpn-tunnel-protocol l2tp-ipsec username admin password HrKM275P1eMLunbN encrypted privilege 15 http server enable http 83.171.9.0 255.255.255.0 inside no snmp-server location no snmp-server contact crypto ipsec transform-set TRANS esp-3des esp-sha-hmac crypto ipsec transform-set TRANS mode transport crypto dynamic-map dyn1 1 set transform-set TRANS crypto map mymap 1 ipsec-isakmp dynamic dyn1 crypto map mymap interface outside crypto isakmp enable outside crypto isakmp policy 2 authentication pre-share encryption 3des hash sha group 5 lifetime 14400 tunnel-group VPN type ipsec-ra tunnel-group VPN general-attributes address-pool POOL authentication-server-group ktu-radius default-group-policy group tunnel-group VPN ipsec-attributes pre-shared-key * tunnel-group VPN ppp-attributes authentication ms-chap-v2 telnet 83.171.9.0 255.255.255.0 inside telnet timeout 30 ssh timeout 5 console timeout 10 Done. Can anyone help me ? |