
CISCO VPN - Error msg (Reason 412: The remote peer is no longer responding)

I am a newbie in Cisco VPN... using a Cisco ASA 5510 and VPN client version 5.0.02.0090

Trying to set up a remote VPN connection in the following scenarios:
Tried wireless & hard-wired LAN connection from home ADSL router.
Disabled all firewalls in Windows.
Also set up a MacBook with VPN client version
-- all were unsuccessful.

Kindly check out my Cisco configuration and advise accordingly.
Many thanks in advance...
Result of the command: "show running-config"

: Saved
:
ASA Version 7.0(8) 
!
hostname ASA5510
domain-name xyz.com
enable password Uw/oFOUvMador6Bs encrypted
passwd st7nSD/5NRVdAsdM encrypted
names
dns-guard
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 99.xxx.99.2 255.255.255.252 
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.254.254 255.255.255.0 
!
interface Ethernet0/2
 nameif DMZ
 security-level 70
 ip address 192.168.253.1 255.255.255.0 
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0 
 management-only
!
ftp mode passive
clock timezone GST 4
same-security-traffic permit intra-interface
access-list inside_nat0_outbound extended permit ip any 192.168.254.48 255.255.255.240 
access-list outside_access_in extended permit tcp any eq pcanywhere-data interface outside eq pcanywhere-data 
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu DMZ 1500
mtu management 1500
ip local pool PoolVPN 192.168.254.51-192.168.254.60 mask 255.255.255.0
icmp permit any inside
asdm image disk0:/asdm-508.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface pcanywhere-data 192.168.254.50 pcanywhere-data netmask 255.255.255.255 
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 99.xxx.99.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
group-policy TNLVPN-ITD internal
group-policy TNLVPN-ITD attributes
 dns-server value 80.227.2.2 213.132.33.15
 vpn-tunnel-protocol IPSec webvpn
 ipsec-udp enable
 webvpn
username ndhuser password wfV7X0H0FHj5WJOz encrypted privilege 0
username ndhuser attributes
 vpn-group-policy TNLVPN-ITD
 webvpn
username bong password J.YO47CRUlQ29k4j encrypted privilege 0
username bong attributes
 vpn-group-policy TNLVPN-ITD
 webvpn
http server enable
http 192.168.254.0 255.255.255.0 inside
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac 
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 20 set security-association lifetime seconds 28800
crypto dynamic-map outside_dyn_map 20 set security-association lifetime kilobytes 4608000
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
tunnel-group TNLVPN-ITD type ipsec-ra
tunnel-group TNLVPN-ITD general-attributes
 address-pool PoolVPN
 default-group-policy TNLVPN-ITD
tunnel-group TNLVPN-ITD ipsec-attributes
 pre-shared-key *
telnet 192.168.254.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.254.101-192.168.254.199 inside
dhcpd address 192.168.1.51-192.168.1.99 management
dhcpd dns 80.227.2.2 213.132.33.14
dhcpd lease 36000
dhcpd ping_timeout 50
dhcpd domain xyz.com
dhcpd enable inside
dhcpd enable management
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512 
  inspect ftp 
  inspect h323 h225 
  inspect h323 ras 
  inspect rsh 
  inspect rtsp 
  inspect esmtp 
  inspect sqlnet 
  inspect skinny 
  inspect sunrpc 
  inspect xdmcp 
  inspect sip 
  inspect netbios 
  inspect tftp 
!
service-policy global_policy global
Cryptochecksum:149a01693b81635e0b7983fdcc68b959
: end

0
Asked by: btiamson
1 Solution
 
tgtran Commented:
1.  Group-policy "TNLVPN-ITD" is missing a bunch of config
2.  Group-policy is configured for SSLVPN and not IPSec

You may want to review these VPN config examples
http://www.howtonetworking.com/cisco/asasample1.htm

Also, turning on VPN client logging would help identify the culprit
0
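The answer above points at the group-policy; one way to check that the objects a remote-access tunnel-group depends on are defined, and that the client pool is covered by the NAT-exemption ACL, is to walk the references in the posted config. This is an added example, not part of the original thread: `parse` and `audit` are hypothetical helper names, and only the ACL form used in the post is handled.

```python
import ipaddress
import re

# Excerpt of the running-config posted above: only the lines this check reads.
CONFIG = """\
access-list inside_nat0_outbound extended permit ip any 192.168.254.48 255.255.255.240
ip local pool PoolVPN 192.168.254.51-192.168.254.60 mask 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
group-policy TNLVPN-ITD internal
username ndhuser attributes
 vpn-group-policy TNLVPN-ITD
tunnel-group TNLVPN-ITD general-attributes
 address-pool PoolVPN
 default-group-policy TNLVPN-ITD
"""

def parse(text):  # returns {top-level command: [indented sub-commands]}
    tree, head = {}, None
    for line in filter(str.strip, text.splitlines()):
        if line.startswith(" ") and head is not None:
            tree[head].append(line.strip())
        else:
            head = line.strip()
            tree.setdefault(head, [])
    return tree

def audit(text):
    """List undefined references and pool addresses outside the NAT exemption."""
    tree = parse(text)
    top = "\n".join(tree)  # top-level commands only
    pools = {m[1]: m.group(2, 3) for m in re.finditer(r"^ip local pool (\S+) (\S+)-(\S+)", top, re.M)}
    policies = set(re.findall(r"^group-policy (\S+) (?:internal|external)", top, re.M))
    nat0 = set(re.findall(r"^nat \(\S+\) 0 access-list (\S+)", top, re.M))
    # Assumption: exemption ACL entries use the "permit ip any <net> <mask>" form.
    exempt = [ipaddress.ip_network(f"{net}/{mask}") for acl, net, mask in re.findall(
        r"^access-list (\S+) extended permit ip any (\S+) (\S+)", top, re.M) if acl in nat0]
    findings = []
    for head, subs in tree.items():
        for kind, _, name in (s.partition(" ") for s in subs):
            if kind.endswith("group-policy") and name not in policies:
                findings.append(f"{head}: group-policy {name} is not defined")
            if kind == "address-pool" and name not in pools:
                findings.append(f"{head}: pool {name} is not defined")
            elif kind == "address-pool":
                for addr in pools[name]:  # both ends of the pool range
                    if not any(ipaddress.ip_address(addr) in n for n in exempt):
                        findings.append(f"{head}: {addr} in {name} is not NAT-exempt")
    return findings

print(audit(CONFIG) or "references resolve; both ends of the pool are NAT-exempt")
```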
 
btiamson (Author) Commented:
Thanks tgtran... I'll check out the sample VPN config.
0
 
 
btiamson (Author) Commented:
Thanks tgtran for the idea!
Also found a guide link from Cisco
0
