CISCO 5505 remote access VPN issue

Hi Guys, here is my problem: I set up this 5505 at home and want to be able to VPN to my home network from work, but I get "Secure VPN connection terminated locally by the client, reason 412, the remote peer is no longer responding".
However, when I try to use my iPhone, I can VPN in but cannot ping any of my internal PCs on my home network. Below is the config:


TEST-ASA# sh run
: Saved
:
ASA Version 8.0(4)
!
hostname TEST-ASA
domain-name RCOM.COM
enable password 2KFQnbNIdI.2KYOU encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.0.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address dhcp setroute
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
dns domain-lookup inside
dns domain-lookup outside
dns server-group DefaultDNS
 name-server *.*.*.*
 domain-name Home.COM
access-list RA_VPN_ACL extended permit ip any 172.30.30.0 255.255.255.0
access-list RA_VPN_SplitTunnel_ACL standard permit 192.168.0.0 255.255.255.0
access-list NoNAT_ACL extended permit ip 192.168.0.0 255.255.255.0 172.30.30.0 255.255.255.0
pager lines 24
logging buffered debugging
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool RA_VPN_POOL 172.30.30.100-172.30.30.200
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list NoNAT_ACL
nat (inside) 1 192.168.0.0 255.255.255.0
route outside 0.0.0.0 0.0.0.0 69.115.96.1 1
route inside 0.0.0.0 0.0.0.0 192.168.0.1 tunneled
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 0.0.0.0 0.0.0.0 outside
http 192.168.0.0 255.255.255.0 inside
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set RA_VPN_SET esp-aes esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map RA_VPN_MAP 1 match address RA_VPN_ACL
crypto dynamic-map RA_VPN_MAP 1 set transform-set RA_VPN_SET
crypto dynamic-map RA_VPN_MAP 1 set security-association lifetime seconds 28800
crypto dynamic-map RA_VPN_MAP 1 set security-association lifetime kilobytes 4608000
crypto map RA_VPN 65535 ipsec-isakmp dynamic RA_VPN_MAP
crypto map RA_VPN interface outside
crypto isakmp enable outside
crypto isakmp policy 65535
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
telnet 192.168.0.100 255.255.255.255 inside
telnet timeout 30
ssh 192.168.0.100 255.255.255.255 inside
ssh 0.0.0.0 0.0.0.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
console timeout 0
dhcpd dns x.x.x.x x.x.x.x.x
!
dhcpd address 192.168.0.100-192.168.0.131 inside
dhcpd enable inside
!
 
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
group-policy RA_VPN_Policy internal
group-policy RA_VPN_Policy attributes
 dns-server value x.x.x.x
 vpn-tunnel-protocol IPSec
 ipsec-udp enable
 ipsec-udp-port 10000
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value RA_VPN_SplitTunnel_ACL
 split-dns value Home.COM
username iPhone password M7GRAtivQEqe87mS encrypted
tunnel-group RA_VPN type remote-access
tunnel-group RA_VPN general-attributes
 address-pool RA_VPN_POOL
 default-group-policy RA_VPN_Policy
tunnel-group RA_VPN ipsec-attributes
 pre-shared-key *
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:e9cd94fa51506762611857237b806f2b
: end


ssdd2009 Asked:
lrmoore Commented:
>route inside 0.0.0.0 0.0.0.0 192.168.0.1 tunneled
Remove this line

>crypto dynamic-map RA_VPN_MAP 1 match address RA_VPN_ACL
You should also be able to remove this line

I also don't see nat-traversal enabled. Add the following:

 crypto isakmp nat-traversal 25

If none of that works, enable TCP for the VPN. If you are using the ASDM GUI, it's a checkbox.
You could also remove the line to enable UDP 10000 and let it use the default 4500. I don't think the iPhone has a place to change that in the setup.
0
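
The checks named in lrmoore's answer above can be run mechanically over a saved running-config. This is an added example, not part of the original answer; the function name `audit_ra_vpn` and the finding codes are hypothetical, and the sample is an excerpt constructed from the configuration posted in the question.

```python
import re

# Constructed excerpt of the running-config posted in the question.
SAMPLE = """\
route outside 0.0.0.0 0.0.0.0 69.115.96.1 1
route inside 0.0.0.0 0.0.0.0 192.168.0.1 tunneled
crypto dynamic-map RA_VPN_MAP 1 match address RA_VPN_ACL
crypto dynamic-map RA_VPN_MAP 1 set transform-set RA_VPN_SET
crypto isakmp enable outside
group-policy RA_VPN_Policy attributes
 vpn-tunnel-protocol IPSec
 ipsec-udp enable
 ipsec-udp-port 10000
tunnel-group RA_VPN type remote-access
"""

def audit_ra_vpn(config):
    """Return (code, context, suggestion) tuples for the items the answer names."""
    findings, block, has_natt = [], None, False
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if not raw.startswith(" "):      # a top-level command opens a new block
            block = line
        if re.fullmatch(r"route \S+ 0\.0\.0\.0 0\.0\.0\.0 \S+ tunneled", line):
            # Tunneled default route: the answer says to remove it.
            findings.append(("tunneled-default-route", line, "no " + line))
        elif re.fullmatch(r"crypto dynamic-map \S+ \d+ match address \S+", line):
            # ACL match on the dynamic map: the answer says it can be removed.
            findings.append(("dynamic-map-match-address", line, "no " + line))
        elif line.startswith("crypto isakmp nat-traversal"):
            has_natt = True
        elif raw.startswith(" ") and (m := re.fullmatch(r"ipsec-udp-port (\d+)", line)):
            # Indented line: report it together with the group-policy it belongs to.
            if m.group(1) != "4500":
                findings.append(("ipsec-udp-port", f"{block}: {line}",
                                 "review: the answer suggests the default UDP 4500"))
    if not has_natt:
        findings.append(("nat-traversal-missing", "global",
                         "crypto isakmp nat-traversal 25"))
    return findings

if __name__ == "__main__":
    for code, where, fix in audit_ra_vpn(SAMPLE):
        print(f"{code:28} {where}\n{'':28} -> {fix}")
```
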
 
Nothing_Changed Commented:
Your problem from work is most likely that their firewall will not allow protocol 50 (ESP) through the firewall, making your VPN client connection break.

Check the log for entries related to the failed iPhone pings, and please paste them in.

0
 
Nothing_Changed Commented:
Hey, thanks for jumping in, lrmoore. Nothing I like better than more chefs. I'll remove this question, you take it from here.
0
Question has a verified solution.
