can you please activate NAT - T on your ASA. Secondly, because you are behind a router ADSL, I'm sure that's configured for NAT. So, you would need a specific tunnel-group name configured with a pre-shared key and use it on the Cisco VPN Client. This group name is used by the VPN Client Group name. There is a tunnel-group called "rtptacvpn" and a pre-shared key associated with it. Please see the section of tunnel-group config of the SAA. IPSec-attributes tunnel-group DefaultRAGroupįor the Cisco VPN client, you would need a tunnel-group name configured on the ASA with a pre-shared key. Split-tunnel-network-list value split tunnelĪttributes global-tunnel-group DefaultRAGroup Vpnclientmap 30 card crypto ipsec-isakmp dynamic dyn1Ĭard crypto interface for remote access vpnclientmap Raccess 1 set transform-set vpnclienttrans crypto dyn1 dynamic-map Life crypto ipsec security association seconds 214748364Ĭrypto ipsec kilobytes of life security-association 214748364 Route outside-Ganja 192.168.208.112 255.255.255.240 10.254.17.18 1ĭynamic-access-policy-registration DfltAccessPolicyĬrypto ipsec transform-set esp-3des esp-md5-hmac RIGHTĬrypto ipsec transform-set newset aes - esp esp-md5-hmacĬrypto ipsec transform-set esp-3des esp-md5-hmac vpnclienttransĬrypto ipsec transform-set vpnclienttrans transport modeĬrypto ipsec transform-set esp-3des esp-md5-hmac raccess NAT list extended access permit tcp any host 10.254.17.26 eq sshĪccess-list extended ip allowed any one sheepĪccess list nat-ganja extended permit tcp any host 10.254.17.18 eq ssh NAT list extended access permit tcp any host 10.254.17.10 eq ssh NAT in the case of XP can cause problems? The only difference is that client XP is behind an ADSL router and client server is directly connected to the Internet on one of its public IP of interfaces.
#Cisco ipsec vpn client access to host with static nat windows#
PS a funny thing - when I connect with client VPN in Windows Server 2003, I have no error. Debugging said "misconfigured groups and transport/tunneling mode" I know, they use different methods of transport and tunneling, and I think that I have configured both. I can connect successfully with Cisco VPN Client, but I get an error when connecting with the XP client. I configured ASA for IPSec VPN via Cisco VPN Client and XP VPN client communications. Cisco VPN Client and Windows XP VPN Client IPSec to ASA