ASA 5505, l2tp server and windows XP

Discussion in 'Cisco' started by Lukas, Jan 7, 2009.

  1. Lukas

    Lukas Guest

    Hello,

    All config is in local network environment.
    I've configured l2tp on CISCO ASA5505 but when i trying to connect from
    windows XP to this ASA and i've got messages:

    Jan 07 22:38:19 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP =
    192.168.0.201, processing ID payload
    Jan 07 22:38:19 [IKEv1 DECODE]: Group = DefaultRAGroup, IP =
    192.168.0.201, ID_IPV4_ADDR ID received
    172.16.18.1
    Jan 07 22:38:19 [IKEv1]: Group = DefaultRAGroup, IP = 192.168.0.201,
    Received local Proxy Host data in ID Payload: Address 172.16.18.1,
    Protocol 17, Port 1701
    Jan 07 22:38:19 [IKEv1]: Group = DefaultRAGroup, IP = 192.168.0.201,
    L2TP/IPSec session detected.
    Jan 07 22:38:19 [IKEv1]: Group = DefaultRAGroup, IP = 192.168.0.201, QM
    IsRekeyed old sa not found by addr
    Jan 07 22:38:19 [IKEv1]: Group = DefaultRAGroup, IP = 192.168.0.201, IKE
    Remote Peer configured for crypto map: outside_dyn_map
    Jan 07 22:38:19 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP =
    192.168.0.201, processing IPSec SA payload
    Jan 07 22:38:19 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP =
    192.168.0.201, AH proposal not supported
    Jan 07 22:38:19 [IKEv1]: Group = DefaultRAGroup, IP = 192.168.0.201, All
    IPSec SA proposals found unacceptable!

    Is there any way to do something with config on ASA or it is normal
    behaviour of l2tp over IPSec?
     
    Lukas, Jan 7, 2009
    #1
    1. Advertising

  2. Lukas > a écrit :
    > Hello,
    >
    > All config is in local network environment.
    > I've configured l2tp on CISCO ASA5505 but when i trying to connect from
    > windows XP to this ASA and i've got messages:
    >


    > Jan 07 22:38:19 [IKEv1]: Group = DefaultRAGroup, IP = 192.168.0.201, All
    > IPSec SA proposals found unacceptable!
    >
    > Is there any way to do something with config on ASA or it is normal
    > behaviour of l2tp over IPSec?


    You should have these lines :

    crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
    crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport

    ...and maybe also the set included here :

    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set
    TRANS_ESP_3DES_SHA ... ...

    Then L2TP/IPSec will work fine. Try also Cisco documentation an guides.

    --
    Jacques Virchaux
    EPFL - DIT-TI _|_
    ---------------------(*)---------
     
    Jacques Virchaux, Jan 14, 2009
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. AM
    Replies:
    1
    Views:
    555
  2. Replies:
    4
    Views:
    881
  3. Replies:
    1
    Views:
    3,366
  4. lesniak81

    asa 5505 + l2tp

    lesniak81, Nov 6, 2008, in forum: Cisco
    Replies:
    1
    Views:
    2,035
    Jacques Virchaux
    Nov 10, 2008
  5. Dogg Child

    Re: ASA 5505 behind ASA 5505

    Dogg Child, Jun 7, 2010, in forum: Cisco
    Replies:
    0
    Views:
    673
    Dogg Child
    Jun 7, 2010
Loading...

Share This Page