Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > ASA 5505, l2tp server and windows XP

Reply
Thread Tools

ASA 5505, l2tp server and windows XP

 
 
Lukas
Guest
Posts: n/a
 
      01-07-2009
Hello,

All config is in local network environment.
I've configured l2tp on CISCO ASA5505 but when i trying to connect from
windows XP to this ASA and i've got messages:

Jan 07 22:38:19 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP =
192.168.0.201, processing ID payload
Jan 07 22:38:19 [IKEv1 DECODE]: Group = DefaultRAGroup, IP =
192.168.0.201, ID_IPV4_ADDR ID received
172.16.18.1
Jan 07 22:38:19 [IKEv1]: Group = DefaultRAGroup, IP = 192.168.0.201,
Received local Proxy Host data in ID Payload: Address 172.16.18.1,
Protocol 17, Port 1701
Jan 07 22:38:19 [IKEv1]: Group = DefaultRAGroup, IP = 192.168.0.201,
L2TP/IPSec session detected.
Jan 07 22:38:19 [IKEv1]: Group = DefaultRAGroup, IP = 192.168.0.201, QM
IsRekeyed old sa not found by addr
Jan 07 22:38:19 [IKEv1]: Group = DefaultRAGroup, IP = 192.168.0.201, IKE
Remote Peer configured for crypto map: outside_dyn_map
Jan 07 22:38:19 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP =
192.168.0.201, processing IPSec SA payload
Jan 07 22:38:19 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP =
192.168.0.201, AH proposal not supported
Jan 07 22:38:19 [IKEv1]: Group = DefaultRAGroup, IP = 192.168.0.201, All
IPSec SA proposals found unacceptable!

Is there any way to do something with config on ASA or it is normal
behaviour of l2tp over IPSec?
 
Reply With Quote
 
 
 
 
Jacques Virchaux
Guest
Posts: n/a
 
      01-14-2009
Lukas > a écrit :
> Hello,
>
> All config is in local network environment.
> I've configured l2tp on CISCO ASA5505 but when i trying to connect from
> windows XP to this ASA and i've got messages:
>


> Jan 07 22:38:19 [IKEv1]: Group = DefaultRAGroup, IP = 192.168.0.201, All
> IPSec SA proposals found unacceptable!
>
> Is there any way to do something with config on ASA or it is normal
> behaviour of l2tp over IPSec?


You should have these lines :

crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport

...and maybe also the set included here :

crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set
TRANS_ESP_3DES_SHA ... ...

Then L2TP/IPSec will work fine. Try also Cisco documentation an guides.

--
Jacques Virchaux
EPFL - DIT-TI _|_
---------------------(*)---------

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Asa 5520 L2TP IPSEC and Cisco 837:Challenge JARAMOS Cisco 4 05-19-2009 11:51 AM
client-initiated L2TP tunnel over L2TP tunnel davidls Cisco 0 03-31-2009 11:20 AM
4506 acting as LNS with L2TP over IPsec and IPsec over L2TP. AM Cisco 0 02-20-2007 09:00 AM
4506 acting as LNS with L2TP over IPsec and IPsec over L2TP. AM Cisco 1 02-20-2007 07:20 AM
VPN over L2TP patchy connectivity while L2TP Traffic without VPN is fine. Gary Cisco 2 04-24-2005 02:48 AM



Advertisments