I am practicing with Ezvpn and ACS and for some reason my XP client is unable to land on the tunnel group I configured and instead is landing on the DefaultRAGroup. Here is what my firewall configuration looks like. What am I missing/doing wrong? I removed some of the config to try and shorten it up.

ASA Version 8.0(2)
!
hostname ASA1
domain-name ipexpert.com
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 8.9.2.10 255.255.255.0
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 10.1.1.10 255.255.255.0
!
interface Ethernet0/2
 nameif DMZ
 security-level 50
 ip address 10.7.7.10 255.255.255.0
!
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
clock timezone MST -7
clock summer-time MDT recurring
dns server-group DefaultDNS
 domain-name ipexpert.com
access-list Split standard permit 10.1.1.0 255.255.255.0
!
ip local pool EZpool1 10.80.80.1-10.80.80.254
ip local pool EZpool2 10.200.200.1-10.200.200.254
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
!
router ospf 1
 router-id 10.10.10.10
 network 8.9.2.0 255.255.255.0 area 1
 log-adj-changes
!
dynamic-access-policy-record DfltAccessPolicy
aaa-server RAD protocol radius
aaa-server RAD host 10.1.1.100
 key CISCO
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set SET1 esp-3des esp-md5-hmac
crypto dynamic-map DYN-MAP 65535 set transform-set SET1
crypto map VPN-MAP 65535 ipsec-isakmp dynamic DYN-MAP
crypto map VPN-MAP interface outside
crypto ca trustpoint R2
 enrollment url http://8.9.2.2:80
 subject-name CN=ASA1.ipexpert.com
 crl configure
crypto ca certificate chain R2
 certificate 03
  <removed>
  quit
 certificate ca 01
  <removed>
  quit
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
crypto isakmp policy 15
 authentication rsa-sig
 encryption 3des
 hash md5
 group 5
 lifetime 86400
crypto isakmp policy 65535
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
telnet timeout 5
!
ntp server 8.9.2.2
group-policy EXTERNAL external server-group RAD password GRPASS
group-policy EZgroup internal
group-policy EZgroup attributes
 wins-server value 10.1.1.50
 dns-server value 10.1.1.50
 vpn-idle-timeout 10
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Split
 default-domain value ipexpert.com
 address-pools value EZpool1
tunnel-group DefaultRAGroup general-attributes
 authorization-server-group RAD
 default-group-policy EXTERNAL
 authorization-required
 authorization-dn-attributes CN
tunnel-group DefaultRAGroup ipsec-attributes
 trust-point R2
 isakmp ikev1-user-authentication none
tunnel-group REMOTE type remote-access
tunnel-group REMOTE general-attributes
 authentication-server-group RAD
 default-group-policy EZgroup
tunnel-group REMOTE ipsec-attributes
 pre-shared-key *
tunnel-group EZgroup2 type remote-access
tunnel-group EZgroup2 general-attributes
 authorization-server-group RAD
 default-group-policy EXTERNAL
 authorization-required
 authorization-dn-attributes CN
tunnel-group EZgroup2 ipsec-attributes
 trust-point R2
 isakmp ikev1-user-authentication none
prompt hostname context

Thank you,
James
