Announcement

Collapse
No announcement yet.

ASA5505 - VPNclient > All IPSEC SA proposals found unacceptible

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • ASA5505 - VPNclient > All IPSEC SA proposals found unacceptible

    Hi all,

    Trying to get CiscoVPN client (5.0.02.0090) on Vista Home Premium (laptop)connect to ASA5505.

    As the title says the SA proposals are found unacceptible. IKE SA is fine.
    And although I've been searching for solutions all over the place I 've not found a working solution yet.

    Could anyone help me please?

    Thanx

    Jaap

    1. The config and debug are attached
    2. Tested with both users > same result
    3. Authentication MS-Chap V2 used because of Vista
    Attached Files

  • #2
    Re: ASA5505 - VPNclient > All IPSEC SA proposals found unacceptible

    Hi all,

    With the help from Ivan Martino of Cisco found the solution.

    Followed his advice and deleted:
    - crypto dynamic-map outside_dyn_map 20 set transform-set TRANS_ESP_3DES_SHA.

    Added:
    - TRANS_ESP_3DES_SHA (as first option) to crypto dynamic-map outside_dyn_map 40 set transform-set vpnclient ESP-DES-MD5 ESP-3DES-MD5 ESP-3DES-SHA

    and it works !!!

    The L2TP is also still working.

    It seems that my 5505 (and the other ASA-models?) does/do not like two lines with 'crypto dynamic-map', i.c. 20 & 40. See attchments.
    Is this a flaw in the handling?

    Greetz

    Jaap

    Comment


    • #3
      Re: ASA5505 - VPNclient > All IPSEC SA proposals found unacceptible

      Can't find anything on that so far! Will have to remember it though, may thanks for posting back the answer. Rep points on the way.
      cheers
      Andy

      Please read this before you post:


      Quis custodiet ipsos custodes?

      Comment

      Working...
      X