Solved

Cisco Remote Access VPN not working after changing LAN subnet

Posted on 2013-01-22
4
899 Views
Last Modified: 2013-01-23
We have a Cisco ASA 5505. I am trying to setup a remote access VPN using the Cisco VPN Client software. I used the Remote Access VPN Wizard to configure the ASA. When I try to connect from a remote PC, I get this error almost immediately:

Secure VPN Connection terminated locally by the Client.
Reason 412: The remote peer is no longer responding.

I have researched the error online and everything I can find relates to people who get connected and then after awhile they lose their connection. However, in my case the connection fails immediately.

When I run debug cry isakmp or debug cry ipsec I see no output which is odd.

This was working at one time but it quit working at some point. I think it quit working when we changed our internal IP subnet. That shouldn't have affected the VPN connection but I deleted the VPN configuration in the ASA and ran the wizard again just to be safe.
cd-asa.txt
0
Comment
Question by:fkoyer
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 37

Expert Comment

by:ArneLovius
ID: 38808473
Wow, an ASA still on 7.2.4...

Changing the LAN subnet would not affect connecting and authentication with local users

Are you sure you are connecting to the correct hostname/ip address ?

As you are using pres shared key, these lines might cause a problem

crypto isakmp policy 10
 authentication rsa-sig
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 30
 authentication crack
 encryption 3des
 hash sha
 group 2
 lifetime 86400

Open in new window

0
 
LVL 20

Accepted Solution

by:
rauenpc earned 500 total points
ID: 38808583
I don't think you can disable am-mode and have ra VPN. At least the one time I disabled it I could no longer get clients connected. Maybe remove the command

Crypto isakmp am-disable
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 38809018
If you enable logging in the VPN client (assuming you use the Cisco Secure VPN Client), does anything show there?
0
 
LVL 1

Author Closing Comment

by:fkoyer
ID: 38811017
Got it! It was the am-disable that was the problem. I enabled aggressive mode with this command:

no crypto isakmp am-disable

And that fixed it! Thanks a ton!
0

Featured Post

Prevent Ransomware with Total Security Suite

With recent ransomware attacks topping the headlines, it might seem like there'e no hope in the battle against these advanced threats. Learn more about how WatchGuard's Total Security Suite can effectively prevent ransomware attacks including Petya 2.0 and WannaCry!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question