CISCO VPN - Error msg (Reason 412: The remote peer is no longer responding)

Posted on 2010-09-13
Last Modified: 2012-05-10
I am a newbie in Cisco VPN... using Cisco ASA 5510 and VPN client version 5.0.02.0090

Trying to set up a remote VPN connection in the following scenarios:
Tried wireless & hardwired LAN connection from home ADSL router..
disabled all firewalls from Windows
also set up MacBook with VPN client version
-- all were unsuccessful.

Kindly check out my Cisco configuration and advise accordingly.
Many thanks in advance...
Result of the command: "show running-config"

: Saved
:
ASA Version 7.0(8) 
!
hostname ASA5510
domain-name xyz.com
enable password Uw/oFOUvMador6Bs encrypted
passwd st7nSD/5NRVdAsdM encrypted
names
dns-guard
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 99.xxx.99.2 255.255.255.252 
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.254.254 255.255.255.0 
!
interface Ethernet0/2
 nameif DMZ
 security-level 70
 ip address 192.168.253.1 255.255.255.0 
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0 
 management-only
!
ftp mode passive
clock timezone GST 4
same-security-traffic permit intra-interface
access-list inside_nat0_outbound extended permit ip any 192.168.254.48 255.255.255.240 
access-list outside_access_in extended permit tcp any eq pcanywhere-data interface outside eq pcanywhere-data 
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu DMZ 1500
mtu management 1500
ip local pool PoolVPN 192.168.254.51-192.168.254.60 mask 255.255.255.0
icmp permit any inside
asdm image disk0:/asdm-508.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface pcanywhere-data 192.168.254.50 pcanywhere-data netmask 255.255.255.255 
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 99.xxx.99.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
group-policy TNLVPN-ITD internal
group-policy TNLVPN-ITD attributes
 dns-server value 80.227.2.2 213.132.33.15
 vpn-tunnel-protocol IPSec webvpn
 ipsec-udp enable
 webvpn
username ndhuser password wfV7X0H0FHj5WJOz encrypted privilege 0
username ndhuser attributes
 vpn-group-policy TNLVPN-ITD
 webvpn
username bong password J.YO47CRUlQ29k4j encrypted privilege 0
username bong attributes
 vpn-group-policy TNLVPN-ITD
 webvpn
http server enable
http 192.168.254.0 255.255.255.0 inside
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac 
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 20 set security-association lifetime seconds 28800
crypto dynamic-map outside_dyn_map 20 set security-association lifetime kilobytes 4608000
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
tunnel-group TNLVPN-ITD type ipsec-ra
tunnel-group TNLVPN-ITD general-attributes
 address-pool PoolVPN
 default-group-policy TNLVPN-ITD
tunnel-group TNLVPN-ITD ipsec-attributes
 pre-shared-key *
telnet 192.168.254.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.254.101-192.168.254.199 inside
dhcpd address 192.168.1.51-192.168.1.99 management
dhcpd dns 80.227.2.2 213.132.33.14
dhcpd lease 36000
dhcpd ping_timeout 50
dhcpd domain xyz.com
dhcpd enable inside
dhcpd enable management
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512 
  inspect ftp 
  inspect h323 h225 
  inspect h323 ras 
  inspect rsh 
  inspect rtsp 
  inspect esmtp 
  inspect sqlnet 
  inspect skinny 
  inspect sunrpc 
  inspect xdmcp 
  inspect sip 
  inspect netbios 
  inspect tftp 
!
service-policy global_policy global
Cryptochecksum:149a01693b81635e0b7983fdcc68b959
: end

Question by:btiamson

Accepted Solution

by:
tgtran earned 2000 total points
ID: 33666342
1.  Group-policy "TNLVPN-ITD" is missing a bunch of config
2.  Group-policy is configured for SSLVPN and not IPSec

You may want to review these VPN config examples
http://www.howtonetworking.com/cisco/asasample1.htm

Also, turning on VPN client logging would help identify the culprit
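
Added example (not part of tgtran's answer and not Cisco code): a Python check that reads the VPN-related lines of the running-config posted in the question and reports which remote-access IPsec pieces are present. The checklist is an editorial selection rather than tgtran's list, `CONFIG` is an excerpt copied from the question, and `isakmp nat-traversal` is the ASA 7.0-era global NAT-T command, which the posted config does not contain.

```python
import ipaddress
import re

# Excerpt of the VPN-relevant lines from the running-config in the question.
CONFIG = """\
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.254.254 255.255.255.0
access-list inside_nat0_outbound extended permit ip any 192.168.254.48 255.255.255.240
ip local pool PoolVPN 192.168.254.51-192.168.254.60 mask 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
group-policy TNLVPN-ITD attributes
 vpn-tunnel-protocol IPSec webvpn
 ipsec-udp enable
crypto map outside_map interface outside
isakmp enable outside
tunnel-group TNLVPN-ITD type ipsec-ra
tunnel-group TNLVPN-ITD general-attributes
 address-pool PoolVPN
"""

def audit(config):
    """Report facts about the remote-access IPsec settings in an ASA 7.0 config."""
    def find(pattern):
        return re.search(pattern, config, re.M)

    pool = find(r"^ip local pool (\S+) (\S+)-(\S+)")
    first, last = (ipaddress.ip_address(pool.group(i)) for i in (2, 3))
    inside = find(r"^ nameif inside\n(?:.*\n)*? ip address (\S+) (\S+)")
    inside_net = ipaddress.ip_network("/".join(inside.groups()), strict=False)
    # Networks exempted from NAT by the ACL referenced in "nat (inside) 0".
    acl = re.escape(find(r"^nat \(inside\) 0 access-list (\S+)").group(1))
    exempt = [ipaddress.ip_network(f"{net}/{mask}") for net, mask in re.findall(
        rf"^access-list {acl} extended permit ip any (\S+) (\S+)", config, re.M)]
    return {
        "tunnel_protocols": find(r"^ vpn-tunnel-protocol (.+)$").group(1).split(),
        "isakmp_on_outside": bool(find(r"^isakmp enable outside")),
        "crypto_map_on_outside": bool(find(r"^crypto map \S+ interface outside")),
        "nat_traversal": bool(find(r"^isakmp nat-traversal")),
        "ipsec_over_udp": bool(find(r"^ ipsec-udp enable")),
        "pool_in_inside_subnet": first in inside_net and last in inside_net,
        "pool_nat_exempt": any(first in n and last in n for n in exempt),
        "tunnel_group_uses_pool": bool(find(rf"^ address-pool {pool.group(1)}\s*$")),
    }

if __name__ == "__main__":
    for check, value in audit(CONFIG).items():
        print(f"{check}: {value}")
```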

Author Comment

by:btiamson
ID: 33669936
thanks tgtran... I'll check out the sample VPN config.

Author Closing Comment

by:btiamson
ID: 33691005
thanks tgtran for the idea!
also found guide link from cisco