I am trying to set up an Remote-VPN IPsec ikev1 from a Windows 10 built in VPN-client to a Cisco asa 5505, using a L2TP/IPsec runnel with a Pre-shared key and xAuth.
After some struggle, I manage to complete both IPsec Phase 1 and Phase 2. But I still got this error on the Windows side when trying to connect:
The remote connection was denied because the user name and password
combination you provided is not recognized, or the selected
authentication protocol is not permitted on the remote access server”.
On the Windows side, I have under "Allowed protocols" checked both Chap and MS-Chap v2.
On the Cisco ASA, I have allowed MS-Chap v2 on the DefaultRAGroup, and the Cisco VPN debugger doesn't show me anything specific error about this either.
Will post parts of my running configuration if needed, but I have a feeling that the problem is from the Windows side.
Anyone succeeded with what I am trying to do here? Or know some details about Windows built-in VPN Client authentication methods that I don't?
EDIT
Added a screenshot of some VPN Debug messages. Notice the "PHASE 2 COMPLETE" message in blue, and then the client send a Terminate message. Also notice "Security negotiation complete for User(). There should be a user stated in there..
Best Answer
This is often the case when the AAA-Server and PPP combination is wrong. Only these combinations are supported:
See this reference. You have to select that appropriately at the Connection Profile (Advanced->PPP).