[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 941
  • Last Modified:

Cisco Remote Access VPN not working after changing LAN subnet

We have a Cisco ASA 5505. I am trying to setup a remote access VPN using the Cisco VPN Client software. I used the Remote Access VPN Wizard to configure the ASA. When I try to connect from a remote PC, I get this error almost immediately:

Secure VPN Connection terminated locally by the Client.
Reason 412: The remote peer is no longer responding.

I have researched the error online and everything I can find relates to people who get connected and then after awhile they lose their connection. However, in my case the connection fails immediately.

When I run debug cry isakmp or debug cry ipsec I see no output which is odd.

This was working at one time but it quit working at some point. I think it quit working when we changed our internal IP subnet. That shouldn't have affected the VPN connection but I deleted the VPN configuration in the ASA and ran the wizard again just to be safe.
cd-asa.txt
0
fkoyer
Asked:
fkoyer
1 Solution
 
ArneLoviusCommented:
Wow, an ASA still on 7.2.4...

Changing the LAN subnet would not affect connecting and authentication with local users

Are you sure you are connecting to the correct hostname/ip address ?

As you are using pres shared key, these lines might cause a problem

crypto isakmp policy 10
 authentication rsa-sig
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 30
 authentication crack
 encryption 3des
 hash sha
 group 2
 lifetime 86400

Open in new window

0
 
rauenpcCommented:
I don't think you can disable am-mode and have ra VPN. At least the one time I disabled it I could no longer get clients connected. Maybe remove the command

Crypto isakmp am-disable
0
 
Ernie BeekCommented:
If you enable logging in the VPN client (assuming you use the Cisco Secure VPN Client), does anything show there?
0
 
fkoyerAuthor Commented:
Got it! It was the am-disable that was the problem. I enabled aggressive mode with this command:

no crypto isakmp am-disable

And that fixed it! Thanks a ton!
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now