ip local pool VPNNET 172.30.0.1-172.30.0.254 mask 255.255.255.0
!
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 94.243.***.** 255.255.255.248
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 192.168.7.254 255.255.254.0
!

dns domain-lookup outside
dns domain-lookup inside
dns server-group DefaultDNS
 name-server 192.168.6.7
 name-server 192.168.6.4
 domain-name domain.local
object network INSIDE
 subnet 192.168.6.0 255.255.254.0
object network EXCHANGE2010-HTTPS
 host 192.168.6.12
object network VPNNETWORK
 subnet 172.30.0.0 255.255.255.0

access-list OUTSIDE-ACL extended permit ip object VPNNETWORK object INSIDE
access-list SPLIT-TUNNEL-LIST standard permit 192.168.6.0 255.255.254.0

ip verify reverse-path interface outside
nat (inside,outside) source static INSIDE INSIDE destination static VPNNETWORK VPNNETWORK no-proxy-arp route-

lookup
!
object network INSIDE
 nat (inside,outside) dynamic interface
access-group OUTSIDE-ACL in interface outside
route outside 0.0.0.0 0.0.0.0 94.243.***.** 1

ldap attribute-map LDAP-MAP
  map-name  memberOf Group-Policy
  map-value memberOf CN=ra_users,CN=Users,DC=domain,DC=local GroupPolicy_ANYVPN
dynamic-access-policy-record DfltAccessPolicy
 webvpn
  url-list none
aaa-server AD protocol ldap
 reactivation-mode timed
aaa-server AD (inside) host 192.168.6.7
 server-port 636
 ldap-base-dn dc=domain, DC=local
 ldap-group-base-dn cn=ra_users, cn=users, dc=domain, DC=local
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-password *****
 ldap-login-dn cn=asa, cn=users, dc=domain, DC=local
 ldap-over-ssl enable
 server-type microsoft
 ldap-attribute-map LDAP-MAP
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
aaa authorization command LOCAL
aaa authorization exec authentication-server
http server enable 4443
http 192.168.6.0 255.255.254.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set MYSET esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set MYSET2 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set MYSET3 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set MYSET4 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev2 ipsec-proposal DES
 protocol esp encryption des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
 protocol esp encryption 3des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
 protocol esp encryption aes
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
 protocol esp encryption aes-192
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
 protocol esp encryption aes-256
 protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-192-SHA ESP-

AES-256-SHA ESP-3DES-SHA ESP-DES-SHA ESP-AES-128-SHA-TRANS ESP-AES-192-SHA-TRANS ESP-AES-256-SHA-TRANS ESP-3DES-

SHA-TRANS ESP-DES-SHA-TRANS
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES

crypto map outside_map interface outside

crypto ca trustpoint ASDM_TrustPoint0
 enrollment terminal
 fqdn www.webapp.domain-group.ru
 subject-name CN=webapp.domain.ru,OU=IT,O=DOMAIN,C=RU,St=MSK,L=Moscow,EA=it@domain.ru
 keypair 2048keytype
 crl configure
crypto ca trustpoint ASDM_TrustPoint1
 enrollment terminal
 crl configure
crypto ca trustpoint ASDM_TrustPoint2
 enrollment terminal
 crl configure
crypto ca trustpoint ASDM_TrustPoint3
 enrollment terminal
 fqdn vpn.domain-i.ru
 subject-name CN=vpn.domain-i.ru,OU=it,O=DOMAIN,C=RU,St=MSK,L=Moscow,EA=it@domain.ru
 keypair 2048keytype
 crl configure
crypto ca trustpool policy
crypto ca certificate chain ASDM_TrustPoint0
 certificate 6d93df3d8b19a170c30a2fbc20c37fcb
    308204f5 308203dd a0030201 0202106d 93df3d8b 19a170c3 0a2fbc20 c37fcb30
    ...
    d8c82220 58e4334a a515d152 88a8b413 a8f1fffa f19c4791 23e079f4 afaf5fd1
    436bcb13 9ad6c459 a85d0b8e 0cc7d416 2a7698ca 35ecfbcb d4f3de01 b2bdd417
    1dc47956 f75d87b8 f64e785d 2f9d1c95 04aab05c a48d4223 93e92771 a7550d3b
    d6a4dc92 68d231fc 58d06043 425965cb 12ebd41b f881b011 72
  quit
crypto ca certificate chain ASDM_TrustPoint1
 certificate ca 3f5329027192b209eebf37a189a978d8
    30820428 30820310 a0030201 0202103f 53290271 92b209ee bf37a189 a978d830
   ...
    ee8ce693 e2bc1552 b59af036 d88ac7d0 c1847725 e1c4dc1b c5e2ffa0 eafb9280
    0b3aff25 0d1d8826 a2d9330a 0c306edd 3fae0f01 0c0fb533 c126bd37 cac14beb
    5a83ad85 51497704 f1b3366a be4a5577 c8c3166e 2b914e7f c6cc4a9d 43a8a28b
    c8e77d04 5810d06c 5e5dd5c0
  quit
crypto ca certificate chain ASDM_TrustPoint2
 certificate ca 74786a13a9da7ebcb2749b4504d0c091
    3082048f 30820377 a0030201 02021074 786a13a9 da7ebcb2 749b4504 d0c09130
    0d06092a 864886f7 0d01010b 05003081 ad310b30 09060355 04061302 55533115
    ...
    deaedf16 39143f44 6324667b 67517a0d b15282ed fb2522a9 3a055be5 31acd901
    544b5cef 2c6299cd 83fac6f5 171e10dc a8b4dcf8 d63aec59 bfc17c0a e87083ca
    cc24a814 a417e481 1a3ca5ef 3253f28c fdc459c9 5ee478d5 78ef441b db686be6
    5da452b6 061b9435 ff530f56 b65ec0c5 b57cdd
  quit
crypto ca certificate chain ASDM_TrustPoint3
 certificate 009012c03b5630d83f77baceccb2736efd
    30820546 3082042e a0030201 02021100 9012c03b 5630d83f 77bacecc b2736efd
    300d0609 2a864886 f70d0101 0b050030 8190310b 30090603 55040613 02474231
    1b301906 03550408 13124772 65617465 72204d61 6e636865 73746572 3110300e
    06035504 07130753 616c666f 7264311a 30180603 55040a13 11434f4d 4f444f20
    4341204c 696d6974 65643136 30340603 55040313 2d434f4d 4f444f20 52534120
    ...
    72f789f7 e99c0e49 7b91ce9b df8fac98 d022f7bc 638abb2d bcc86454 e251841f
    53628a14 b92d935f a9b1d59a cf618479 596a72ed b7fabc28 ce35edc2 edf3b558
    53ea4f04 ff8d3a76 62a6
  quit
crypto isakmp disconnect-notify
crypto isakmp reload-wait
crypto ikev2 policy 1
 encryption aes-256
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 10
 encryption aes-192
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 20
 encryption aes
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 30
 encryption 3des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 40
 encryption des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 remote-access trustpoint ASDM_TrustPoint3
crypto ikev1 enable outside
crypto ikev1 enable inside
crypto ikev1 policy 1
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
telnet timeout 5
ssh 192.168.6.0 255.255.254.0 inside
ssh timeout 5
console timeout 0
!
tls-proxy maximum-session 500
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl trust-point ASDM_TrustPoint3 outside
webvpn
 port 4444
 enable outside
 dtls port 4444
 no anyconnect-essentials
 anyconnect image disk0:/anyconnect-win-3.1.05187-k9.pkg 2 regex "Windows NT"
 anyconnect image disk0:/anyconnect-macosx-i386-3.1.05187-k9.pkg 3 regex "Intel Mac OS X"
 anyconnect image disk0:/anyconnect-linux-3.1.05187-k9.pkg 4 regex "Linux"
 anyconnect profiles ANYVPN_client_profile disk0:/any_profile.xml
 anyconnect enable
 tunnel-group-list enable
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
 dns-server value 192.168.6.7 192.168.6.4
 vpn-tunnel-protocol ssl-client
 default-domain value domain.local
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol l2tp-ipsec
group-policy GroupPolicy_ANYVPN internal
group-policy GroupPolicy_ANYVPN attributes
 wins-server value 192.168.6.7 192.168.6.4
 dns-server value 192.168.6.7 192.168.6.4
 vpn-tunnel-protocol ikev2 ssl-client ssl-clientless
 group-lock value ANYVPN
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-TUNNEL-LIST
 default-domain value domain.local
 webvpn
  anyconnect profiles value ANYVPN_client_profile type user
  anyconnect ask none default anyconnect
  customization value FNK

username cadmin password **** encrypted privilege 15
username cadmin attributes
 vpn-group-policy GroupPolicy_ANYVPN
username VPNUSER password **** encrypted
username VPNUSER attributes
 vpn-group-policy GroupPolicy_ANYVPN
 vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-client ssl-clientless
 group-lock value ANYVPN
 webvpn
  anyconnect profiles value ANYVPN_client_profile type user
tunnel-group DefaultRAGroup general-attributes
 address-pool VPNNET
 default-group-policy DefaultRAGroup
tunnel-group DefaultRAGroup ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group ANYVPN type remote-access
tunnel-group ANYVPN general-attributes
 address-pool (inside) VPNNET
 address-pool VPNNET
 authentication-server-group AD
 authorization-server-group AD
 default-group-policy GroupPolicy_ANYVPN
 authorization-required
 username-from-certificate use-entire-name
tunnel-group ANYVPN webvpn-attributes
 customization FNK
 group-alias ANYVPN enable
!

map-name  memberOf IETF-Radius-Class

ldap attribute-map LDAP-MAP
 no map-name memberOf Group-Policy
 map-name memberOf IETF-Radius-Class

group-policy NOACCESS internal
group-policy NOACCESS attributes
 vpn-simultaneous-logins 0

tunnel-group ANYVPN type remote-access
tunnel-group ANYVPN general-attributes
 address-pool (inside) VPNNET
 address-pool VPNNET
 authentication-server-group AD
 authorization-server-group AD
 ---->> default-group-policy GroupPolicy_ANYVPN
 authorization-required
 username-from-certificate use-entire-name

vpn-simultaneous-logins 3

6|Jun 30 2015|15:37:42|302014|77.50.***.**|59032|94.243.***.**|4444|Teardown TCP connection 9531216 for outside:77.50.174.**/59032 to identity:94.243.***.**/4444 duration 0:00:00 bytes 3112 TCP Reset-I
6|Jun 30 2015|15:37:42|725007|77.50.***.**|59032|||SSL session with client outside:77.50.***.**/59032 terminated.
6|Jun 30 2015|15:37:42|725002|77.50.***.**|59032|||Device completed SSL handshake with client outside:77.50.***.**/59032
6|Jun 30 2015|15:37:42|725001|77.50.***.**|59032|||Starting SSL handshake with client outside:77.50.***.**/59032 for TLSv1 session.
6|Jun 30 2015|15:37:42|302013|77.50.***.**|59032|94.243.***.**|4444|Built inbound TCP connection 9531216 for outside:77.50.***.**/59032 (77.50.***.**/59032) to identity:94.243.***.**/4444 (94.243.***.**/4444)
6|Jun 30 2015|15:37:40|302014|77.50.***.**|59031|94.243.***.**|4444|Teardown TCP connection 9531162 for outside:77.50.***.**/59031 to identity:94.243.***.**/4444 duration 0:00:00 bytes 3779 TCP Reset-I
6|Jun 30 2015|15:37:40|725007|77.50.***.**|59031|||SSL session with client outside:77.50.***.**/59031 terminated.
6|Jun 30 2015|15:37:40|725002|77.50.***.**|59031|||Device completed SSL handshake with client outside:77.50.***.**/59031
6|Jun 30 2015|15:37:40|725001|77.50.***.**|59031|||Starting SSL handshake with client outside:77.50.***.**/59031 for TLSv1 session.
6|Jun 30 2015|15:37:40|302013|77.50.***.**|59031|94.243.***.**|4444|Built inbound TCP connection 9531162 for outside:77.50.***.**/59031 (77.50.***.**/59031) to identity:94.243.***.**/4444 (94.243.***.**/4444)
6|Jun 30 2015|15:37:32|302014|77.50.***.**|59030|94.243.***.**|4444|Teardown TCP connection 9531023 for outside:77.50.***.**/59030 to identity:94.243.***.**/4444 duration 0:00:00 bytes 3722 TCP Reset-I
6|Jun 30 2015|15:37:32|725007|77.50.***.**|59030|||SSL session with client outside:77.50.***.**/59030 terminated.
6|Jun 30 2015|15:37:32|725002|77.50.***.**|59030|||Device completed SSL handshake with client outside:77.50.***.**/59030
6|Jun 30 2015|15:37:32|725001|77.50.***.**|59030|||Starting SSL handshake with client outside:77.50.***.**/59030 for TLSv1 session.
6|Jun 30 2015|15:37:32|302013|77.50.***.**|59030|94.243.***.**|4444|Built inbound TCP connection 9531023 for outside:77.50.***.**/59030 (77.50.***.**/59030) to identity:94.243.***.**/4444 (94.243.***.**/4444)

ldap attribute-map LDAP-MAP
  map-name  memberOf IETF-Radius-Class
  map-value memberOf CN=ra_users,CN=Users,DC=domain,DC=local GroupPolicy_ANYVPN
!
tunnel-group ANYVPN type remote-access
tunnel-group ANYVPN general-attributes
 address-pool (inside) VPNNET
 address-pool VPNNET
 authentication-server-group AD
 authorization-server-group AD
 default-group-policy NOACCESS
 authorization-required
 username-from-certificate use-entire-name
tunnel-group ANYVPN webvpn-attributes
 customization FNK
 group-alias ANYVPN enable
!
group-policy GroupPolicy_ANYVPN internal
group-policy GroupPolicy_ANYVPN attributes
 wins-server value 192.168.6.7 192.168.6.4
 dns-server value 192.168.6.7 192.168.6.4
 vpn-simultaneous-logins 3
 vpn-tunnel-protocol ssl-client
 group-lock value ANYVPN
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-TUNNEL-LIST
 default-domain value domain.local
 webvpn
  anyconnect profiles value ANYVPN_client_profile type user
  anyconnect ask none default anyconnect
  customization value FNK
!
group-policy NOACCESS internal
group-policy NOACCESS attributes
 vpn-simultaneous-logins 0
 vpn-tunnel-protocol ssl-client

ldap attribute-map extensionAttribute1
  map-name  extensionAttribute1 IETF-Radius-Class
  map-value extensionAttribute1 999 GroupPolicy_ANYVPN

aaa-server AD (inside) host 192.168.6.7
 server-port 636
 ldap-base-dn DC=domain, DC=local
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-password *****
 ldap-login-dn cn=asa, cn=users, dc=domain, dc=local
 ldap-over-ssl enable
 server-type microsoft
 ldap-attribute-map extensionAttribute1

ldap attribute-map LDAPVPNMAP
  map-name  memberOf IETF-Radius-Class
  map-value memberOf cn=g_vpn,ou=groups,ou=co,ou=npfusers,dc=npf,dc=local VPN_POLICY

aaa-server DC1 protocol ldap
aaa-server DC1 (LAN) host 192.168.200.1
ldap-base-dn ou=IT,ou=co,ou=npfusers,dc=npf,dc=local
ldap-scope subtree
ldap-naming-attribute sAMAccountName
ldap-login-password ***
ldap-login-dn CN=asa_ldap,ou=IT,ou=co,ou=npfusers,dc=npf,dc=local
server-type auto-detect
ldap-attribute-map LDAPVPNMAP

group-policy NOACCESS internal
group-policy NOACCESS attributes
vpn-simultaneous-logins 0


object network lan1
 subnet 192.168.200.0 255.255.252.0
object-group network enterprise
 network-object object lan1
access-list SPLIT_TUN extended permit ip object-group enterprise any

group-policy VPN_POLICY internal
group-policy VPN_POLICY attributes
dns-server value 192.168.200.1 192.168.200.2
vpn-simultaneous-logins 100
vpn-idle-timeout 60
vpn-tunnel-protocol IPSec l2tp-ipsec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value SPLIT_TUN


tunnel-group DefaultRAGroup general-attributes
ip local pool vpnpool 192.168.201.1-192.168.201.99 mask 255.255.252.0
authentication-server-group DC1
default-group-policy NOACCESS
tunnel-group DefaultRAGroup ipsec-attributes
pre-shared-key ***
tunnel-group DefaultRAGroup ppp-attributes
 no authentication pap
 no authentication chap
 authentication ms-chap-v2

713904               Group = DefaultRAGroup, IP = 46.188.37.70, Received encrypted Oakley Main Mode packet with invalid payloads, MessID = 0
713905               Group = DefaultRAGroup, IP = 46.188.37.70, WARNING, had problems decrypting packet, probably due to mismatched pre-shared key.  Switching user to tunnel-group: DefaultL2LGroup
713903               Group = DefaultL2LGroup, IP = 46.188.37.70, ERROR, had problems decrypting packet, probably due to mismatched pre-shared key.  Aborting
713201               Group = DefaultL2LGroup, IP = 46.188.37.70, Duplicate Phase 1 packet detected.  Retransmitting last packet.
713905               Group = DefaultL2LGroup, IP = 46.188.37.70, P1 Retransmit msg dispatched to MM FSM
713201               Group = DefaultL2LGroup, IP = 46.188.37.70, Duplicate Phase 1 packet detected.  Retransmitting last packet.
713905               Group = DefaultL2LGroup, IP = 46.188.37.70, P1 Retransmit msg dispatched to MM FSM
713201               Group = DefaultL2LGroup, IP = 46.188.37.70, Duplicate Phase 1 packet detected.  Retransmitting last packet.
713905               Group = DefaultL2LGroup, IP = 46.188.37.70, P1 Retransmit msg dispatched to MM FSM
713904               IP = 46.188.37.70, Received encrypted packet with no matching SA, dropping
302016   46.188.37.70   4500   91.135.154.138   4500   Teardown UDP connection 371725 for WAN:46.188.37.70/4500 to identity:91.135.154.138/4500 duration 0:02:01 bytes 864
302015   46.188.37.70   4500   91.135.154.138   4500   Built inbound UDP connection 372248 for WAN:46.188.37.70/4500 (46.188.37.70/4500) to identity:91.135.154.138/4500 (91.135.154.138/4500)
713904               IP = 46.188.37.70, Received encrypted packet with no matching SA, dropping
713904               IP = 46.188.37.70, Received encrypted packet with no matching SA, dropping
302016   46.188.37.70   500   91.135.154.138   500   Teardown UDP connection 371724 for WAN:46.188.37.70/500 to identity:91.135.154.138/500 duration 0:03:59 bytes 4136
302016   46.188.37.70   4500   91.135.154.138   4500   Teardown UDP connection 372248 for WAN:46.188.37.70/4500 to identity:91.135.154.138/4500 duration 0:02:01 bytes 144

ciscoasa(config)# tunnel-group DefaultRAGroup ipsec-attributes
ciscoasa(config-tunnel-ipsec)# pre-shared-key *************G9Xx}m?
ERROR: % Unrecognized command
ciscoasa(config-tunnel-ipsec)# pre-shared-key *******************G9Xx}mm**********
ciscoasa(config-tunnel-ipsec)#

713122               IP = 46.188.37.70, Keep-alives configured on but peer does not support keep-alives (type = None)
713061               Group = DefaultRAGroup, IP = 46.188.37.70, Rejecting IPSec tunnel: no matching crypto map entry for remote proxy 46.188.37.70/255.255.255.255/17/0 local proxy 91.135.154.138/255.255.255.255/17/1701 on interface WAN
713902               Group = DefaultRAGroup, IP = 46.188.37.70, QM FSM error (P2 struct &0x00007f869f3be290, mess id 0x1)!
713902               Group = DefaultRAGroup, IP = 46.188.37.70, Removing peer from correlator table failed, no match!
113019               Group = DefaultRAGroup, Username = , IP = 46.188.37.70, Session disconnected. Session Type: IKEv1, Duration: 0h:00m:00s, Bytes xmt: 0, Bytes rcv: 0, Reason: crypto map policy not found

crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto dynamic-map D_MAP 65535 set ikev1 transform-set ESP-3DES-SHA-TRANS
crypto map TEST_MAP 65535 ipsec-isakmp dynamic D_MAP

713122               IP = 46.188.37.70, Keep-alives configured on but peer does not support keep-alives (type = None)
113019               Group = DefaultRAGroup, Username = , IP = 46.188.37.70, Session disconnected. Session Type: IPsecOverNatT, Duration: 0h:00m:01s, Bytes xmt: 805, Bytes rcv: 1014, Reason: User Requested

[83] Session Start
[83] New request Session, context 0x00007f869ed61350, reqType = Authentication
[83] Fiber started
[83] Creating LDAP context with uri=ldap://192.168.200.1:389
[83] Connect to LDAP server: ldap://192.168.200.1:389, status = Successful
[83] defaultNamingContext: value = DC=npf,DC=local
[83] supportedLDAPVersion: value = 3
[83] supportedLDAPVersion: value = 2
[83] supportedSASLMechanisms: value = GSSAPI
[83] supportedSASLMechanisms: value = GSS-SPNEGO
[83] supportedSASLMechanisms: value = EXTERNAL
[83] supportedSASLMechanisms: value = DIGEST-MD5
[83] Binding as asa_ldap
[83] Performing Simple authentication for asa_ldap to 192.168.200.1
[83] LDAP Search:
        Base DN = [ou=IT,ou=co,ou=npfusers,dc=npf,dc=local]
        Filter  = [sAMAccountName=NPF\\a*****]
        Scope   = [SUBTREE]
[83] Search result parsing returned failure status
[83] Talking to Active Directory server 192.168.200.1
[83] Reading password policy for NPF\a*****, dn:
[83] Binding as asa_ldap
[83] Performing Simple authentication for asa_ldap to 192.168.200.1
[83] Fiber exit Tx=538 bytes Rx=811 bytes, status=-1
[83] Session End