CISCO 5505 remote access VPN issue

Posted on 2009-02-12
Last Modified: 2012-05-06
Hi guys, here is my problem: I set up this 5505 at home and want to be able to VPN to my home network from work, but I get "Secure VPN connection terminated locally by the client, reason 412, the remote peer is no longer responding".
However, when I try to use my iPhone, I can VPN in but cannot ping any of my internal PCs on my home network. Below is the config:

TEST-ASA# sh run

: Saved


ASA Version 8.0(4)


hostname TEST-ASA

domain-name RCOM.COM

enable password 2KFQnbNIdI.2KYOU encrypted

passwd 2KFQnbNIdI.2KYOU encrypted



interface Vlan1

 nameif inside

 security-level 100

 ip address


interface Vlan2

 nameif outside

 security-level 0

 ip address dhcp setroute


interface Ethernet0/0

 switchport access vlan 2


interface Ethernet0/1


interface Ethernet0/2


interface Ethernet0/3


interface Ethernet0/4


interface Ethernet0/5


interface Ethernet0/6


interface Ethernet0/7


ftp mode passive

dns domain-lookup inside

dns domain-lookup outside

dns server-group DefaultDNS

 name-server *.*.*.*

 domain-name Home.COM

access-list RA_VPN_ACL extended permit ip any

access-list RA_VPN_SplitTunnel_ACL standard permit

access-list NoNAT_ACL extended permit ip

pager lines 24

logging buffered debugging

logging asdm informational

mtu inside 1500

mtu outside 1500

ip local pool RA_VPN_POOL

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm.bin

no asdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 0 access-list NoNAT_ACL

nat (inside) 1

route outside 1

route inside tunneled

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

dynamic-access-policy-record DfltAccessPolicy

http server enable

http outside

http inside

http inside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec transform-set RA_VPN_SET esp-aes esp-sha-hmac

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

crypto dynamic-map RA_VPN_MAP 1 match address RA_VPN_ACL

crypto dynamic-map RA_VPN_MAP 1 set transform-set RA_VPN_SET

crypto dynamic-map RA_VPN_MAP 1 set security-association lifetime seconds 28800

crypto dynamic-map RA_VPN_MAP 1 set security-association lifetime kilobytes 4608000

crypto map RA_VPN 65535 ipsec-isakmp dynamic RA_VPN_MAP

crypto map RA_VPN interface outside

crypto isakmp enable outside

crypto isakmp policy 65535

 authentication pre-share

 encryption 3des

 hash sha

 group 2

 lifetime 86400

telnet inside

telnet timeout 30

ssh inside

ssh inside

ssh outside

ssh timeout 5

console timeout 0

dhcpd dns x.x.x.x x.x.x.x.x


dhcpd address inside

dhcpd enable inside


threat-detection basic-threat

threat-detection statistics access-list

no threat-detection statistics tcp-intercept

group-policy RA_VPN_Policy internal

group-policy RA_VPN_Policy attributes

 dns-server value x.x.x.x

 vpn-tunnel-protocol IPSec

 ipsec-udp enable

 ipsec-udp-port 10000

 split-tunnel-policy tunnelspecified

 split-tunnel-network-list value RA_VPN_SplitTunnel_ACL

 split-dns value Home.COM

username iPhone password M7GRAtivQEqe87mS encrypted

tunnel-group RA_VPN type remote-access

tunnel-group RA_VPN general-attributes

 address-pool RA_VPN_POOL

 default-group-policy RA_VPN_Policy

tunnel-group RA_VPN ipsec-attributes

 pre-shared-key *


class-map inspection_default

 match default-inspection-traffic



policy-map type inspect dns preset_dns_map


  message-length maximum 512

policy-map global_policy

 class inspection_default

  inspect dns preset_dns_map

  inspect ftp

  inspect h323 h225

  inspect h323 ras

  inspect rsh

  inspect rtsp

  inspect esmtp

  inspect sqlnet

  inspect skinny

  inspect sunrpc

  inspect xdmcp

  inspect sip

  inspect netbios

  inspect tftp


service-policy global_policy global

prompt hostname context


: end


Question by:ssdd2009
    LVL 8

    Expert Comment

    Your problem from work is most likely that their firewall will not allow protocol 50 (ESP) through the firewall, making your VPN client connection break.

    Check the log for entries related to the failed iPhone pings, and please paste them in.

    LVL 79

    Accepted Solution

    >route inside tunneled
    Remove this line

    >crypto dynamic-map RA_VPN_MAP 1 match address RA_VPN_ACL
    You should also be able to remove this line

    I also don't see nat-traversal enabled. Add the following:

     crypto isakmp nat-traversal 25

    If none of that works, enable TCP for the VPN. If you are using the ASDM GUI, it's a checkbox.
    You could also remove the line to enable UDP 10000 and let it use the default 4500. I don't think the iPhone has a place to change that in the setup.
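
The configuration points raised in the accepted answer, expressed as a small config audit. This is an added example, not part of the original thread; the function name `audit_ra_vpn`, the sample config and its documentation-range addresses are constructed for illustration.

```python
import re

# Constructed sample shaped like the config in the question; addresses are
# documentation-range placeholders, not values from the thread.
SAMPLE_CONFIG = """\
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
route inside 0.0.0.0 0.0.0.0 192.0.2.254 tunneled
crypto dynamic-map RA_VPN_MAP 1 match address RA_VPN_ACL
crypto dynamic-map RA_VPN_MAP 1 set transform-set RA_VPN_SET
crypto map RA_VPN 65535 ipsec-isakmp dynamic RA_VPN_MAP
crypto isakmp enable outside
group-policy RA_VPN_Policy attributes
 ipsec-udp enable
 ipsec-udp-port 10000
"""

def audit_ra_vpn(config):
    """Return findings for the remote-access VPN points raised in the answer."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    findings = []
    for ln in lines:
        # A 'tunneled' route is a separate default route for decrypted VPN traffic.
        if re.match(r"route \S+ .*\btunneled$", ln):
            findings.append("tunneled route present: " + ln)
        # 'match address' ties the dynamic map to an ACL.
        if re.match(r"crypto dynamic-map \S+ \d+ match address \S+$", ln):
            findings.append("dynamic-map match address present: " + ln)
    # The answer's NAT-T check: is a 'crypto isakmp nat-traversal' line present?
    if not any(re.match(r"crypto isakmp nat-traversal( \d+)?$", ln) for ln in lines):
        findings.append("nat-traversal missing: add 'crypto isakmp nat-traversal 25'")
    # Cisco IPsec-over-UDP on a custom port, which a client may not be able to set.
    ports = [m.group(1) for ln in lines
             if (m := re.match(r"ipsec-udp-port (\d+)$", ln))]
    if "ipsec-udp enable" in lines and ports:
        findings.append("ipsec-udp on port " + ports[0] + "; NAT-T default is 4500")
    return findings

if __name__ == "__main__":
    for finding in audit_ra_vpn(SAMPLE_CONFIG):
        print(finding)
```
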
    LVL 8

    Expert Comment

    Hey, thanks for jumping in, lrmoore; nothing I like better than more chefs. I'll remove this question, you take it from here.
