Cisco ASA 5505 VPN issue

rickyt00 asked on
Networking
I am having a problem trying to connect to our VPN remotely. I am using the Cisco VPN client. When I turn the logging on I am getting the messages.

9      15:35:31.546  01/23/09  Sev=Info/4      CM/0x63100012
Phase 1 SA deleted before first Phase 2 SA is up cause by "DEL_REASON_IKE_NEG_FAILED".  0 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system

10     15:35:31.546  01/23/09  Sev=Info/5      CM/0x63100025
Initializing CVPNDrv

I have pasted the config below for reference. I am confused because the connection comes up and prompts for the username and password but then fails after that. Thanks


: Saved
:
ASA Version 7.2(4)
!
hostname ciscoasa
domain-name xxxxx
enable password fETFvbKeIkX35giv encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.99 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address x.x.x.x 255.255.255.252
!
interface Vlan12
 nameif Cad
 security-level 90
 ip address 10.10.10.250 255.255.255.0
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
 switchport access vlan 12
!
interface Ethernet0/7
 switchport access vlan 12
!
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns server-group DefaultDNS
 domain-name xxxxx
access-list DefaultRAGroup_splitTunnelAcl standard permit any
access-list Cad_access_in remark WFS
access-list Cad_access_in extended permit tcp any 192.168.1.0 255.255.255.0 eq 135
access-list Cad_access_in remark WFS
access-list Cad_access_in extended permit udp any 192.168.1.0 255.255.255.0 eq 135
access-list Cad_access_in remark WFS
access-list Cad_access_in extended permit tcp any 192.168.1.0 255.255.255.0 eq 136
access-list Cad_access_in remark WFS
access-list Cad_access_in extended permit udp any 192.168.1.0 255.255.255.0 eq 136
access-list Cad_access_in remark WFS
access-list Cad_access_in extended permit tcp any 192.168.1.0 255.255.255.0 eq 137
access-list Cad_access_in remark WFS
access-list Cad_access_in extended permit udp any 192.168.1.0 255.255.255.0 eq netbios-ns
access-list Cad_access_in remark WFS
access-list Cad_access_in extended permit tcp any 192.168.1.0 255.255.255.0 eq 138
access-list Cad_access_in remark WFS
access-list Cad_access_in extended permit udp any 192.168.1.0 255.255.255.0 eq netbios-dgm
access-list Cad_access_in remark WFS
access-list Cad_access_in extended permit tcp any 192.168.1.0 255.255.255.0 eq netbios-ssn
access-list Cad_access_in remark WFS
access-list Cad_access_in extended permit udp any 192.168.1.0 255.255.255.0 eq 139
access-list Cad_access_in remark WFS
access-list Cad_access_in extended permit tcp any 192.168.1.0 255.255.255.0 eq 445
access-list Cad_access_in remark WFS
access-list Cad_access_in extended permit udp any 192.168.1.0 255.255.255.0 eq 445
access-list inside_access_in remark WFS
access-list inside_access_in extended permit tcp any 10.10.10.0 255.255.255.0 eq 135
access-list inside_access_in remark WFS
access-list inside_access_in extended permit udp any 10.10.10.0 255.255.255.0 eq 135
access-list inside_access_in remark WFS
access-list inside_access_in extended permit tcp any 10.10.10.0 255.255.255.0 eq 136
access-list inside_access_in remark WFS
access-list inside_access_in extended permit udp any 10.10.10.0 255.255.255.0 eq 136
access-list inside_access_in remark WFS
access-list inside_access_in extended permit tcp any 10.10.10.0 255.255.255.0 eq 137
access-list inside_access_in remark WFS
access-list inside_access_in extended permit udp any 10.10.10.0 255.255.255.0 eq netbios-ns
access-list inside_access_in remark WFS
access-list inside_access_in extended permit tcp any 10.10.10.0 255.255.255.0 eq 138
access-list inside_access_in remark WFS
access-list inside_access_in extended permit udp any 10.10.10.0 255.255.255.0 eq netbios-dgm
access-list inside_access_in remark WFS
access-list inside_access_in extended permit tcp any 10.10.10.0 255.255.255.0 eq netbios-ssn
access-list inside_access_in remark WFS
access-list inside_access_in extended permit udp any 10.10.10.0 255.255.255.0 eq 139
access-list inside_access_in remark WFS
access-list inside_access_in extended permit tcp any 10.10.10.0 255.255.255.0 eq 445
access-list inside_access_in remark WFS
access-list inside_access_in extended permit udp any 10.10.10.0 255.255.255.0 eq 445
access-list inside_access_in extended deny ip any 10.10.10.0 255.255.255.0
access-list inside_access_in remark Permit All other traffic to outside
access-list inside_access_in extended permit ip any any
access-list inside_access_in remark Permit All other traffic to outside
access-list outside_access_in extended permit ip any any
access-list inside_nat0_outbound extended permit ip any 192.168.1.240 255.255.255.248
access-list inside_nat0_outbound extended permit ip any 192.168.1.192 255.255.255.192
pager lines 24
logging enable
logging list Outbound_TCP_Connex message 302014
logging list Outbound_TCP_Connex message 302013
logging trap informational
logging asdm informational
logging from-address
logging facility 16
logging device-id hostname
logging host inside 192.168.1.3
logging class auth trap emergencies
logging class bridge trap emergencies
logging class sys trap emergencies
mtu inside 1500
mtu outside 1500
mtu Cad 1500
ip local pool VPNIP 172.25.1.5-172.25.1.10 mask 255.255.255.0
no failover
monitor-interface inside
monitor-interface outside
monitor-interface Cad
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any Cad
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
global (Cad) 2 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface 4443 192.168.1.1 4443 netmask 255.255.255.255
static (inside,outside) udp interface 4443 192.168.1.1 4443 netmask 255.255.255.255
static (inside,outside) tcp interface 7773 192.168.1.1 7773 netmask 255.255.255.255
static (inside,outside) udp interface 7773 192.168.1.1 7773 netmask 255.255.255.255
static (inside,outside) tcp interface 24255 192.168.1.60 24255 netmask 255.255.255.255
static (inside,outside) udp interface 24255 192.168.1.60 24255 netmask 255.255.255.255
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
access-group Cad_access_in in interface Cad
route outside 0.0.0.0 0.0.0.0 x.x.x.x 1
route Cad 192.168.100.101 255.255.255.255 10.10.10.200 1
!
router rip
!
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set pfs group1
crypto dynamic-map outside_dyn_map 20 set transform-set TRANS_ESP_3DES_SHA
crypto dynamic-map outside_dyn_map 40 set pfs group1
crypto dynamic-map outside_dyn_map 40 set transform-set TRANS_ESP_3DES_SHA
crypto dynamic-map outside_dyn_map 60 set pfs group1
crypto dynamic-map outside_dyn_map 60 set transform-set TRANS_ESP_3DES_SHA
crypto dynamic-map outside_dyn_map 80 set pfs group1
crypto dynamic-map outside_dyn_map 80 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 100 set transform-set ESP-3DES-SHA
crypto dynamic-map inside_dyn_map 20 set pfs group1
crypto dynamic-map inside_dyn_map 20 set transform-set TRANS_ESP_3DES_SHA
crypto dynamic-map inside_dyn_map 40 set pfs group1
crypto dynamic-map inside_dyn_map 40 set transform-set TRANS_ESP_3DES_SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto map inside_map 65535 ipsec-isakmp dynamic inside_dyn_map
crypto map inside_map interface inside
crypto isakmp enable inside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp nat-traversal  20
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!

!

webvpn
 port 444
 customization DfltCustomization
  title text WebVpn Service
  group-prompt text
  group-prompt style
  logo file disk0:/logo.gif
 group-policy WCVPN internal
group-policy WCVPN attributes
 vpn-tunnel-protocol IPSec
username user1 password okrFkreflx5QlBur encrypted privilege 0
username user1 attributes
 vpn-group-policy WCVPN
tunnel-group DefaultRAGroup ipsec-attributes
 pre-shared-key *
tunnel-group DefaultRAGroup ppp-attributes
 authentication pap
 authentication ms-chap-v2
tunnel-group WCVPN type ipsec-ra
tunnel-group WCVPN general-attributes
 address-pool VPNIP
 default-group-policy WCVPN
tunnel-group WCVPN ipsec-attributes
 pre-shared-key *
tunnel-group-map default-group WCVPN
!
!
prompt hostname context
Cryptochecksum:82049c07a659a47cd45a89f2130f1f02
: end
asdm image disk0:/asdm-524.bin
no asdm history enable

ASKER CERTIFIED SOLUTION
MikeKane commented: