Solved

CISCO VPN - Error msg (Reason 412: The remote peer is no longer responding)

Posted on 2010-09-13
1,284 Views
Last Modified: 2012-05-10
I am a newbie in Cisco VPN... using a Cisco ASA 5510 and VPN client version 5.0.02.0090

Trying to set up a remote VPN connection in the following scenarios:
Tried wireless and hard-wired LAN connections from a home ADSL router.
Disabled all firewalls in Windows.
Also set up a MacBook with VPN client version
-- All were unsuccessful.

Kindly check out my Cisco configuration and advise accordingly.
Many thanks in advance...
Result of the command: "show running-config"

: Saved
:
ASA Version 7.0(8) 
!
hostname ASA5510
domain-name xyz.com
enable password Uw/oFOUvMador6Bs encrypted
passwd st7nSD/5NRVdAsdM encrypted
names
dns-guard
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 99.xxx.99.2 255.255.255.252 
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.254.254 255.255.255.0 
!
interface Ethernet0/2
 nameif DMZ
 security-level 70
 ip address 192.168.253.1 255.255.255.0 
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0 
 management-only
!
ftp mode passive
clock timezone GST 4
same-security-traffic permit intra-interface
access-list inside_nat0_outbound extended permit ip any 192.168.254.48 255.255.255.240 
access-list outside_access_in extended permit tcp any eq pcanywhere-data interface outside eq pcanywhere-data 
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu DMZ 1500
mtu management 1500
ip local pool PoolVPN 192.168.254.51-192.168.254.60 mask 255.255.255.0
icmp permit any inside
asdm image disk0:/asdm-508.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface pcanywhere-data 192.168.254.50 pcanywhere-data netmask 255.255.255.255 
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 99.xxx.99.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
group-policy TNLVPN-ITD internal
group-policy TNLVPN-ITD attributes
 dns-server value 80.227.2.2 213.132.33.15
 vpn-tunnel-protocol IPSec webvpn
 ipsec-udp enable
 webvpn
username ndhuser password wfV7X0H0FHj5WJOz encrypted privilege 0
username ndhuser attributes
 vpn-group-policy TNLVPN-ITD
 webvpn
username bong password J.YO47CRUlQ29k4j encrypted privilege 0
username bong attributes
 vpn-group-policy TNLVPN-ITD
 webvpn
http server enable
http 192.168.254.0 255.255.255.0 inside
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac 
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 20 set security-association lifetime seconds 28800
crypto dynamic-map outside_dyn_map 20 set security-association lifetime kilobytes 4608000
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
tunnel-group TNLVPN-ITD type ipsec-ra
tunnel-group TNLVPN-ITD general-attributes
 address-pool PoolVPN
 default-group-policy TNLVPN-ITD
tunnel-group TNLVPN-ITD ipsec-attributes
 pre-shared-key *
telnet 192.168.254.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.254.101-192.168.254.199 inside
dhcpd address 192.168.1.51-192.168.1.99 management
dhcpd dns 80.227.2.2 213.132.33.14
dhcpd lease 36000
dhcpd ping_timeout 50
dhcpd domain xyz.com
dhcpd enable inside
dhcpd enable management
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512 
  inspect ftp 
  inspect h323 h225 
  inspect h323 ras 
  inspect rsh 
  inspect rtsp 
  inspect esmtp 
  inspect sqlnet 
  inspect skinny 
  inspect sunrpc 
  inspect xdmcp 
  inspect sip 
  inspect netbios 
  inspect tftp 
!
service-policy global_policy global
Cryptochecksum:149a01693b81635e0b7983fdcc68b959
: end

Question by:btiamson
4 Comments
 
LVL 12

Accepted Solution

by:
tgtran earned 500 total points
ID: 33666342
1.  Group-policy "TNLVPN-ITD" is missing a bunch of config
2.  Group-policy is configured for SSLVPN and not IPSec

You may want to review these VPN config examples
http://www.howtonetworking.com/cisco/asasample1.htm

Also, turning on VPN client logging would help identify the culprit
0
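One way to carry out the kind of review the accepted answer points toward, as an added example that is not code from the thread: a small parser that reads a `show running-config` dump, lists what each group-policy sets (including its `vpn-tunnel-protocol` values), and flags references to group-policies or address pools that are not defined. The sample input is an excerpt of the configuration posted in the question; the function names and the `REFS` table are this example's own.

```python
import re

# Excerpt of the running-config posted in the question (ASA 7.0 syntax).
SAMPLE = """\
ip local pool PoolVPN 192.168.254.51-192.168.254.60 mask 255.255.255.0
group-policy TNLVPN-ITD internal
group-policy TNLVPN-ITD attributes
 dns-server value 80.227.2.2 213.132.33.15
 vpn-tunnel-protocol IPSec webvpn
 webvpn
username ndhuser attributes
 vpn-group-policy TNLVPN-ITD
tunnel-group TNLVPN-ITD general-attributes
 address-pool PoolVPN
 default-group-policy TNLVPN-ITD
"""

# Sub-commands that point at another object, and the kind of object they name.
REFS = {"vpn-group-policy": "group-policy",
        "default-group-policy": "group-policy",
        "address-pool": "address pool"}

def blocks(config):
    """Map each top-level line to the indented sub-commands under it."""
    out, head = {}, None
    for line in config.splitlines():
        if not line.strip() or line.startswith(("!", ":")):
            continue  # skip blanks, '!' separators and ': Saved' style lines
        if line[0] == " " and head is not None:
            out[head].append(line.strip())
        else:
            head = line.strip()
            out.setdefault(head, [])
    return out

def summarize(config):
    """Collect group-policy settings and flag references to undefined objects."""
    b = blocks(config)
    pools = {h.split()[3] for h in b if h.startswith("ip local pool ")}
    policies, issues = {}, []
    for head, subs in b.items():
        m = re.fullmatch(r"group-policy (\S+) (?:internal|attributes)", head)
        if m:
            policies.setdefault(m.group(1), []).extend(subs)
    defined = {"group-policy": set(policies), "address pool": pools}
    for head, subs in b.items():
        for s in subs:
            kind, *names = s.split()
            what = REFS.get(kind)
            issues += [f"{head}: unknown {what} {n}" for n in names
                       if what and n not in defined[what]]
    protocols = {n: [p for s in subs if s.startswith("vpn-tunnel-protocol ")
                     for p in s.split()[1:]] for n, subs in policies.items()}
    return {"policies": policies, "protocols": protocols, "issues": issues}
```

Calling `summarize()` on a full dump gives the same three keys; an empty `issues` list only means the cross-references resolve, not that the policy contains everything the VPN client needs.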
 

Author Comment

by:btiamson
ID: 33669936
Thanks tgtran... I'll check out the sample VPN config.
0
 

Author Comment

by:btiamson
ID: 33690986
0
 

Author Closing Comment

by:btiamson
ID: 33691005
Thanks tgtran for the idea!
Also found a guide link from Cisco.
0


Question has a verified solution.
