I am trying to set up our Cisco ASA 5505 for remote VPN access with an IKEv1 pre-shared key, so I can connect with the Windows native VPN client using an L2TP/IPsec tunnel.
We have an IKEv1 pre-shared key set up with a group ID configured already, but since Windows doesn't support group ID, I need to use the DefaultRA group.
I managed to complete Phase 1 after adding the correct IKEv1 policy. But to fix the mismatch problem at Phase 2, I figured out that I need to add the ESP-3DES-SHA-TRANS transport set to the dynamic crypto map.
The problem is: after adding the correct transform set (ESP-3DES-SHA-TRANS) to the crypto map using ASDM, the router refuses to let any traffic out on the Internet… Not just the VPN traffic, but all traffic. I tried two times and needed to restart the firewall both times to get it running again.
Not sure if I should post any running configuration. We don't have any advanced routing, just a static route outside really. We have another site-to-site VPN using a static crypto map, but it shouldn't affect this.
Any idea what could cause this behavior? What is the CLI command for adding that transform set to the crypto map?
Thx hertitu, that helped.
I tried to edit with ASDM --> Network (Client) Access --> Advanced --> IPsec --> Cryptomaps, and added the ESP-3DES-SHA-TRANS transform set to the default dynamic crypto map.
The following commands were generated...
That didn't feel right, so I trashed those and manually ran
instead. Now I managed to complete Phase 2 with my Windows client!