I'd like to indulge the Cisco gurus on this list. I am configuring the $subject on ASA5505 using ASDM . When I click finish to commit my actions, I end up with one WARNING as shown below: [OK] access-list ROADWARRIORS_splitTunnelAcl standard permit any [OK] access-list inside_nat0_outbound line 2 extended permit ip 0.0.0.0 0.0.0.0 192.168.31.0 255.255.255.224 [OK] username test password ScEIFvbu66G9uC.V encrypted privilege 0 [OK] username test attributes username test attributes [WARNING] vpn-group-policy ROADWARRIORS group-policy <ROADWARRIORS> does not exist [OK] ip local pool REMOTECLIENTPOOL 192.168.31.11-192.168.31.20 mask 255.255.255.0 [OK] group-policy ROADWARRIORS internal [OK] group-policy ROADWARRIORS attributes group-policy ROADWARRIORS attributes [OK] vpn-tunnel-protocol IPSec [OK] split-tunnel-policy tunnelspecified [OK] split-tunnel-network-list value ROADWARRIORS_splitTunnelAcl [OK] dns-server value 192.168.30.1 [OK] default-domain value testdomain.local [OK] configure terminal [OK] tunnel-group ROADWARRIORS type ipsec-ra [OK] tunnel-group ROADWARRIORS general-attributes tunnel-group ROADWARRIORS general-attributes [OK] default-group-policy ROADWARRIORS [OK] address-pool REMOTECLIENTPOOL [OK] tunnel-group ROADWARRIORS ipsec-attributes tunnel-group ROADWARRIORS ipsec-attributes [OK] pre-shared-key V3r1sEkRiTT!! [OK] crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac [OK] crypto dynamic-map outside_dyn_map 20 set pfs group2 [OK] crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA 1. What could be the possible cause of this problem? I am following the Cisco guide at http://lix.in/-974bf1. 2. Anyone willing to share with me the "relevant" VPN Client, with support for x86/x64?:) Thank you. -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ Damn!!
Double-check that the group name and password you are entering on the VPN client match what you have configured on the ASA ie.groupname: ROADWARRIORS password: <your-preshared-key> (V3r1sEkRiTT!!-in your case) On Mon, Nov 22, 2010 at 10:49 AM, Odhiambo Washington <odhiambo@gmail.com>wrote:
I'd like to indulge the Cisco gurus on this list. I am configuring the $subject on ASA5505 using ASDM . When I click finish to commit my actions, I end up with one WARNING as shown below:
[OK] access-list ROADWARRIORS_splitTunnelAcl standard permit any
[OK] access-list inside_nat0_outbound line 2 extended permit ip 0.0.0.0 0.0.0.0 192.168.31.0 255.255.255.224
[OK] username test password ScEIFvbu66G9uC.V encrypted privilege 0
[OK] username test attributes
username test attributes
[WARNING] vpn-group-policy ROADWARRIORS
group-policy <ROADWARRIORS> does not exist
[OK] ip local pool REMOTECLIENTPOOL 192.168.31.11-192.168.31.20 mask 255.255.255.0
[OK] group-policy ROADWARRIORS internal
[OK] group-policy ROADWARRIORS attributes
group-policy ROADWARRIORS attributes
[OK] vpn-tunnel-protocol IPSec
[OK] split-tunnel-policy tunnelspecified
[OK] split-tunnel-network-list value ROADWARRIORS_splitTunnelAcl
[OK] dns-server value 192.168.30.1
[OK] default-domain value testdomain.local
[OK] configure terminal
[OK] tunnel-group ROADWARRIORS type ipsec-ra
[OK] tunnel-group ROADWARRIORS general-attributes
tunnel-group ROADWARRIORS general-attributes
[OK] default-group-policy ROADWARRIORS
[OK] address-pool REMOTECLIENTPOOL
[OK] tunnel-group ROADWARRIORS ipsec-attributes
tunnel-group ROADWARRIORS ipsec-attributes
[OK] pre-shared-key V3r1sEkRiTT!!
[OK] crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
[OK] crypto dynamic-map outside_dyn_map 20 set pfs group2
[OK] crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
1. What could be the possible cause of this problem? I am following the Cisco guide at http://lix.in/-974bf1. 2. Anyone willing to share with me the "relevant" VPN Client, with support for x86/x64?:)
Thank you. -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ Damn!!
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
On Mon, Nov 22, 2010 at 5:58 PM, Sharon Hatego <sharon.hatego@gmail.com>wrote:
Double-check that the group name and password you are entering on the VPN client match what you have configured on the ASA
ie.groupname: ROADWARRIORS password: <your-preshared-key> (V3r1sEkRiTT!!-in your case)
Hello Sharon,
From reading the instructions, it does not (unless I missed it) say that I need to predefine the groupname and the associated password from the CLI. There is a step where this groupname is supposed to be specified. What I fail to understand is why ASDM did not create this groupname.
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ Damn!!
Create and configure a VPN Group and the individual users ...... http://cisco.com/en/US/products/ps6120/products_configuration_example09186a0...
It did create it as far as I can tell from your config [OK] tunnel-group ROADWARRIORS ipsec-attributes tunnel-group ROADWARRIORS ipsec-attributes [OK] pre-shared-key V3r1sEkRiTT!! What I needed you to confirm is that on the VPN CLIENT the group name entered is ROADWARRIORS and the password is V3r1sEkRiTT!! On Tue, Nov 23, 2010 at 5:04 AM, Thomas Kibui <thomas.kibui@gmail.com>wrote:
Create and configure a VPN Group and the individual users ......
http://cisco.com/en/US/products/ps6120/products_configuration_example09186a0... _______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
On Tue, Nov 23, 2010 at 1:23 PM, Sharon Hatego <sharon.hatego@gmail.com>wrote:
It did create it as far as I can tell from your config
[OK] tunnel-group ROADWARRIORS ipsec-attributes
tunnel-group ROADWARRIORS ipsec-attributes
[OK] pre-shared-key V3r1sEkRiTT!!
What I needed you to confirm is that on the VPN CLIENT the group name entered is ROADWARRIORS and the password is V3r1sEkRiTT!!
Now I think I understand what is happening! It complains about the groupname because Cisco have wrongly ordered the execution of the commands. The sequence should be to create the groupname and its attributes first before the users are created and associated with the groupname, right or wrong? PS: I don't have the VPN Client as yet. Still looking for a copy that can run on both x64 and x86. All machines I use run x64. Anyone willing to share? -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ Damn!!
participants (3)
-
Odhiambo Washington -
Sharon Hatego -
Thomas Kibui