  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 947

Cisco Remote Access VPN not working after changing LAN subnet

We have a Cisco ASA 5505. I am trying to set up a remote access VPN using the Cisco VPN Client software. I used the Remote Access VPN Wizard to configure the ASA. When I try to connect from a remote PC, I get this error almost immediately:

Secure VPN Connection terminated locally by the Client.
Reason 412: The remote peer is no longer responding.

I have researched the error online and everything I can find relates to people who get connected and then after a while they lose their connection. However, in my case the connection fails immediately.

When I run debug cry isakmp or debug cry ipsec, I see no output, which is odd.

This was working at one time but it quit working at some point. I think it quit working when we changed our internal IP subnet. That shouldn't have affected the VPN connection but I deleted the VPN configuration in the ASA and ran the wizard again just to be safe.
cd-asa.txt
Asked by: fkoyer
1 Solution
 
ArneLovius Commented:
Wow, an ASA still on 7.2.4...

Changing the LAN subnet would not affect connecting and authentication with local users.

Are you sure you are connecting to the correct hostname/IP address?

As you are using a pre-shared key, these lines might cause a problem:

crypto isakmp policy 10
 authentication rsa-sig
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 30
 authentication crack
 encryption 3des
 hash sha
 group 2
 lifetime 86400

 
rauenpc Commented:
I don't think you can disable am-mode and have RA VPN. At least the one time I disabled it, I could no longer get clients connected. Maybe remove the command

crypto isakmp am-disable
 
Ernie Beek (Expert) Commented:
If you enable logging in the VPN client (assuming you use the Cisco Secure VPN Client), does anything show there?
 
fkoyer (Author) Commented:
Got it! It was the am-disable that was the problem. I enabled aggressive mode with this command:

no crypto isakmp am-disable

And that fixed it! Thanks a ton!
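
The condition that resolved this thread (aggressive mode disabled while a remote-access group uses a pre-shared key), together with the policy mismatch raised earlier, can be checked offline in a saved running-config. This is an added example, not code from the thread or from Cisco; the function names, the sample config and the tunnel-group name EXAMPLE-RA are assumptions constructed for illustration.

```python
import re

# Constructed sample built from lines quoted in this thread; not the poster's cd-asa.txt.
SAMPLE_CONFIG = """\
crypto isakmp policy 10
 authentication rsa-sig
crypto isakmp policy 30
 authentication crack
crypto isakmp am-disable
tunnel-group EXAMPLE-RA type ipsec-ra
tunnel-group EXAMPLE-RA ipsec-attributes
 pre-shared-key *
"""

def parse_blocks(config):
    """Map each top-level line to the indented sub-commands that follow it."""
    blocks, current = {}, None
    for line in config.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            current = line.strip()
            blocks.setdefault(current, [])
        elif current is not None:
            blocks[current].append(line.strip())
    return blocks

def audit_ra_psk(config):
    """Flag PSK remote-access groups (7.2 "type ipsec-ra", later "type remote-access")."""
    blocks = parse_blocks(config)
    ra = [m.group(1) for line in blocks
          if (m := re.fullmatch(r"tunnel-group (\S+) type (?:ipsec-ra|remote-access)", line))]
    psk = sorted(g for g in ra if any(
        s.startswith("pre-shared-key")
        for s in blocks.get(f"tunnel-group {g} ipsec-attributes", [])))
    if not psk:
        return []  # no PSK remote-access group, nothing to cross-check
    findings = []
    auth = {line.split()[-1]: sub.split()[1]
            for line, subs in blocks.items()
            if re.fullmatch(r"crypto isakmp policy \d+", line)
            for sub in subs if sub.startswith("authentication ")}
    if "pre-share" not in auth.values():
        findings.append(f"no ISAKMP policy uses pre-share: {auth}")
    if "crypto isakmp am-disable" in blocks:
        findings.append(f"am-disable set with PSK groups: {psk}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_ra_psk(SAMPLE_CONFIG)))
```

Aggressive mode with a group pre-shared key exposes a hash derived from that key to offline guessing, so where it has to stay enabled for the Cisco VPN Client, use a long random group key.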