Есть у нас кто дружит с Cisco

madsima

Активный пользователь
l2tp over ipsec поднять надо, чтобы с яблока к ней подцепляться.
На центоси, микротике, зюхеле поднимаю, а вот на cisco asa ни в какую...
 

zzz

инвалид умственного труда
удп-порты 500 и 4500 должны быть открыты. еще ограничения:
  • L2TP over IPsec supports only IKEv1. IKEv2 is not supported.
  • L2TP with IPsec on the ASA allows the LNS to interoperate with native VPN clients integrated in such operating systems as Windows, MAC OS X, Android, and Cisco IOS. Only L2TP with IPsec is supported, native L2TP itself is not supported on ASA.
  • The minimum IPsec security association lifetime supported by the Windows client is 300 seconds. If the lifetime on the ASA is set to less than 300 seconds, the Windows client ignores it and replaces it with a 300 second lifetime.
  • The ASA only supports the Point-to-Point Protocol (PPP) authentications Password Authentication Protocol (PAP) and Microsoft Challenge-Handshake Authentication Protocol (CHAP), Versions 1 and 2, on the local database. Extensible Authentication Protocol (EAP) and CHAP are performed by proxy authentication servers. Therefore, if a remote user belongs to a tunnel group configured with the authentication eap-proxy or authentication chap commands, and the ASA is configured to use the local database, that user cannot connect.
+ лицензии, возможно, надо посмотреть: Configuring L2TP over IPSec
 
Сверху