Solved

CISCO VPN - Error msg (Reason 412: The remote peer is no longer responding)

Posted on 2010-09-13
Last Modified: 2012-05-10
I am a newbie in Cisco VPN... using a Cisco ASA 5510 and VPN client version 5.0.02.0090

Trying to set up a remote VPN connection in the following scenarios:
Tried wireless & hard-wired LAN connection from home ADSL router..
disabled all firewalls from Windows
also set up MacBook with VPN client version
-- all were unsuccessful.

Kindly check out my Cisco configuration and advise accordingly.
Many thanks in advance...
Result of the command: "show running-config"

: Saved
:
ASA Version 7.0(8) 
!
hostname ASA5510
domain-name xyz.com
enable password Uw/oFOUvMador6Bs encrypted
passwd st7nSD/5NRVdAsdM encrypted
names
dns-guard
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 99.xxx.99.2 255.255.255.252 
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.254.254 255.255.255.0 
!
interface Ethernet0/2
 nameif DMZ
 security-level 70
 ip address 192.168.253.1 255.255.255.0 
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0 
 management-only
!
ftp mode passive
clock timezone GST 4
same-security-traffic permit intra-interface
access-list inside_nat0_outbound extended permit ip any 192.168.254.48 255.255.255.240 
access-list outside_access_in extended permit tcp any eq pcanywhere-data interface outside eq pcanywhere-data 
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu DMZ 1500
mtu management 1500
ip local pool PoolVPN 192.168.254.51-192.168.254.60 mask 255.255.255.0
icmp permit any inside
asdm image disk0:/asdm-508.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface pcanywhere-data 192.168.254.50 pcanywhere-data netmask 255.255.255.255 
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 99.xxx.99.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
group-policy TNLVPN-ITD internal
group-policy TNLVPN-ITD attributes
 dns-server value 80.227.2.2 213.132.33.15
 vpn-tunnel-protocol IPSec webvpn
 ipsec-udp enable
 webvpn
username ndhuser password wfV7X0H0FHj5WJOz encrypted privilege 0
username ndhuser attributes
 vpn-group-policy TNLVPN-ITD
 webvpn
username bong password J.YO47CRUlQ29k4j encrypted privilege 0
username bong attributes
 vpn-group-policy TNLVPN-ITD
 webvpn
http server enable
http 192.168.254.0 255.255.255.0 inside
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac 
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 20 set security-association lifetime seconds 28800
crypto dynamic-map outside_dyn_map 20 set security-association lifetime kilobytes 4608000
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
tunnel-group TNLVPN-ITD type ipsec-ra
tunnel-group TNLVPN-ITD general-attributes
 address-pool PoolVPN
 default-group-policy TNLVPN-ITD
tunnel-group TNLVPN-ITD ipsec-attributes
 pre-shared-key *
telnet 192.168.254.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.254.101-192.168.254.199 inside
dhcpd address 192.168.1.51-192.168.1.99 management
dhcpd dns 80.227.2.2 213.132.33.14
dhcpd lease 36000
dhcpd ping_timeout 50
dhcpd domain xyz.com
dhcpd enable inside
dhcpd enable management
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512 
  inspect ftp 
  inspect h323 h225 
  inspect h323 ras 
  inspect rsh 
  inspect rtsp 
  inspect esmtp 
  inspect sqlnet 
  inspect skinny 
  inspect sunrpc 
  inspect xdmcp 
  inspect sip 
  inspect netbios 
  inspect tftp 
!
service-policy global_policy global
Cryptochecksum:149a01693b81635e0b7983fdcc68b959
: end

Question by:btiamson
4 Comments
 

Accepted Solution

by:
tgtran earned 500 total points
ID: 33666342
1.  Group-policy "TNLVPN-ITD" is missing a bunch of config
2.  Group-policy is configured for SSLVPN and not IPSec

You may want to review these VPN config examples
http://www.howtonetworking.com/cisco/asasample1.htm

Also, turning on VPN client logging would help identify the culprit
0
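
One way to check the two points in the accepted answer against a saved running-config, as an added example that is not part of the original thread. The function names are hypothetical, and the sample is a constructed excerpt of the VPN-related lines from the config posted in the question.

```python
import re

# Constructed sample: VPN-related lines excerpted from the running-config in the question.
SAMPLE_CONFIG = """\
ip local pool PoolVPN 192.168.254.51-192.168.254.60 mask 255.255.255.0
group-policy TNLVPN-ITD internal
group-policy TNLVPN-ITD attributes
 dns-server value 80.227.2.2 213.132.33.15
 vpn-tunnel-protocol IPSec webvpn
 ipsec-udp enable
 webvpn
tunnel-group TNLVPN-ITD type ipsec-ra
tunnel-group TNLVPN-ITD general-attributes
 address-pool PoolVPN
 default-group-policy TNLVPN-ITD
"""

def parse_sections(config):
    """Map each top-level command to the indented sub-commands under it."""
    sections, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.startswith((":", "!")):
            continue
        if line.startswith(" ") and current is not None:
            sections[current].append(line.strip())
        elif not line.startswith(" "):
            current = line.strip()
            sections.setdefault(current, [])
    return sections

def audit_remote_access(config):
    """Report, per IPsec remote-access tunnel-group, what its group policy sets."""
    sec = parse_sections(config)
    pools = set(re.findall(r"^ip local pool (\S+)", config, re.M))
    report = {}
    for name in re.findall(r"^tunnel-group (\S+) type ipsec-ra[ \t]*$", config, re.M):
        general = sec.get(f"tunnel-group {name} general-attributes", [])
        attrs = dict(l.split(None, 1) for l in general if " " in l)
        policy = attrs.get("default-group-policy")
        pol = sec.get(f"group-policy {policy} attributes", [])
        protos = next((l.split()[1:] for l in pol if l.startswith("vpn-tunnel-protocol ")), [])
        report[name] = {
            "group_policy": policy,
            "pool_defined": attrs.get("address-pool") in pools,
            "policy_attributes": [l.split()[0] for l in pol],
            "tunnel_protocols": protos,
            "ipsec_allowed": "IPSec" in protos,
        }
    return report
```

The report lists which attributes the group policy actually sets and which tunnel protocols it allows, so the result can be compared line by line with a known-good sample configuration.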
 

Author Comment

by:btiamson
ID: 33669936
thanks tgtran... I'll check out the sample VPN config.
0
 

Author Comment

by:btiamson
ID: 33690986
0
 

Author Closing Comment

by:btiamson
ID: 33691005
Thanks tgtran for the idea!
Also found a guide link from Cisco.
0
