Ciao a tutti,
ho il seguente problema: ho un ASA 5510, dove devvo attivare (sull'interfaccia esterna -> OUTSIDE) una vpn lan-to-lan (che funziona) ed un'accesso con vpn mobili (cisco client 4.6).
Questa è la configurazione (per le pvn):
group-policy vpn-remote internal
group-policy vpn-remote attributes
split-tunnel-policy tunnelall
username prova123 password XXXXXX encrypted
username prova123 attributes
vpn-group-policy vpn-remote
crypto ipsec transform-set secure esp-des esp-md5-hmac
crypto dynamic-map dyn1 1 set transform-set secure
crypto dynamic-map dyn1 1 set reverse-route
crypto map VPNMAP 1 match address VPNMATCH
crypto map VPNMAP 1 set peer IP-REMOTO
crypto map VPNMAP 1 set transform-set secure
crypto map VPNMAP 65535 ipsec-isakmp dynamic dyn1
crypto map VPNMAP interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 1
authentication pre-share
encryption des
hash md5
group 2
lifetime 86400
crypto isakmp policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
tunnel-group IP-REMOTO type ipsec-l2l
tunnel-group IP-REMOTO ipsec-attributes
pre-shared-key *
tunnel-group remote-vpn type ipsec-ra
tunnel-group remote-vpn general-attributes
address-pool pool_vpn
authorization-server-group LOCAL
default-group-policy vpn-remote
tunnel-group remote-vpn ipsec-attributes
pre-shared-key *
dando un debug crypto isa il risultato è:
ASA-PDL# Jun 14 09:20:33 [IKEv1]: Group = DefaultRAGroup, IP = 81.125.122.38, Removing peer from peer table failed, no match!
Jun 14 09:20:33 [IKEv1]: Group = DefaultRAGroup, IP = IP DA DOVE TENTO LA CONNESSIONE, Error: Unable to remove PeerTblEntry.
GRAZIE A TUTTI
ASA & VPN MOBILI -> non funziona.
Moderatore: Federico.Lagni
