Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 960
  • Last Modified:

Cisco Remote Access VPN not working after changing LAN subnet

We have a Cisco ASA 5505. I am trying to setup a remote access VPN using the Cisco VPN Client software. I used the Remote Access VPN Wizard to configure the ASA. When I try to connect from a remote PC, I get this error almost immediately:

Secure VPN Connection terminated locally by the Client.
Reason 412: The remote peer is no longer responding.

I have researched the error online and everything I can find relates to people who get connected and then after awhile they lose their connection. However, in my case the connection fails immediately.

When I run debug cry isakmp or debug cry ipsec I see no output which is odd.

This was working at one time but it quit working at some point. I think it quit working when we changed our internal IP subnet. That shouldn't have affected the VPN connection but I deleted the VPN configuration in the ASA and ran the wizard again just to be safe.
cd-asa.txt
0
fkoyer
Asked:
fkoyer
1 Solution
 
ArneLoviusCommented:
Wow, an ASA still on 7.2.4...

Changing the LAN subnet would not affect connecting and authentication with local users

Are you sure you are connecting to the correct hostname/ip address ?

As you are using pres shared key, these lines might cause a problem

crypto isakmp policy 10
 authentication rsa-sig
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 30
 authentication crack
 encryption 3des
 hash sha
 group 2
 lifetime 86400

Open in new window

0
 
rauenpcCommented:
I don't think you can disable am-mode and have ra VPN. At least the one time I disabled it I could no longer get clients connected. Maybe remove the command

Crypto isakmp am-disable
0
 
Ernie BeekExpertCommented:
If you enable logging in the VPN client (assuming you use the Cisco Secure VPN Client), does anything show there?
0
 
fkoyerAuthor Commented:
Got it! It was the am-disable that was the problem. I enabled aggressive mode with this command:

no crypto isakmp am-disable

And that fixed it! Thanks a ton!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now