[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

Cisco Remote Access VPN not working after changing LAN subnet

Posted on 2013-01-22
4
Medium Priority
?
926 Views
Last Modified: 2013-01-23
We have a Cisco ASA 5505. I am trying to setup a remote access VPN using the Cisco VPN Client software. I used the Remote Access VPN Wizard to configure the ASA. When I try to connect from a remote PC, I get this error almost immediately:

Secure VPN Connection terminated locally by the Client.
Reason 412: The remote peer is no longer responding.

I have researched the error online and everything I can find relates to people who get connected and then after awhile they lose their connection. However, in my case the connection fails immediately.

When I run debug cry isakmp or debug cry ipsec I see no output which is odd.

This was working at one time but it quit working at some point. I think it quit working when we changed our internal IP subnet. That shouldn't have affected the VPN connection but I deleted the VPN configuration in the ASA and ran the wizard again just to be safe.
cd-asa.txt
0
Comment
Question by:fkoyer
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 37

Expert Comment

by:ArneLovius
ID: 38808473
Wow, an ASA still on 7.2.4...

Changing the LAN subnet would not affect connecting and authentication with local users

Are you sure you are connecting to the correct hostname/ip address ?

As you are using pres shared key, these lines might cause a problem

crypto isakmp policy 10
 authentication rsa-sig
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 30
 authentication crack
 encryption 3des
 hash sha
 group 2
 lifetime 86400

Open in new window

0
 
LVL 20

Accepted Solution

by:
rauenpc earned 2000 total points
ID: 38808583
I don't think you can disable am-mode and have ra VPN. At least the one time I disabled it I could no longer get clients connected. Maybe remove the command

Crypto isakmp am-disable
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 38809018
If you enable logging in the VPN client (assuming you use the Cisco Secure VPN Client), does anything show there?
0
 
LVL 1

Author Closing Comment

by:fkoyer
ID: 38811017
Got it! It was the am-disable that was the problem. I enabled aggressive mode with this command:

no crypto isakmp am-disable

And that fixed it! Thanks a ton!
0

Featured Post

Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you’re involved with your company’s wide area network (WAN), you’ve probably heard about SD-WANs. They’re the “boy wonder” of networking, ostensibly allowing companies to replace expensive MPLS lines with low-cost Internet access. But, are they …
Considering cloud tradeoffs and determining the right mix for your organization.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question