VPN on PIX506E

Unanswered Question
Dec 7th, 2007

I am trying to create a VPN between 2 locations (site A& site B) on PIX506E and at the same time I am also configuring the same pix for remote VPN users to use Microsoft PPTP VPN to connect to Site A. Can someone please confirm if this config works?

ip address outside <public ip>

ip address inside

nat (inside) 0 access-list nonat

nat (inside) 1

global (outside) 1 interface

<VPN config between site A and site B>

<172.16.2.x is the site B LAN range>

access-list nonat permit ip

access-list outside_cryptomap_vpn1 permit ip

sysopt connection permit-ipsec

crypto ipsec transform-set vpn1 esp-3des esp-sha-hmac

crypto map VCVPN 1 ipsec-isakmp

crypto map VCVPN 1 match address outside_cryptomap_vpn1

crypto map VCVPN 1 set pfs

crypto map VCVPN 1 set peer <remote public ip>

crypto map VCVPN 1 set transform-set vpn1

crypto map VCVPN interface outside

isakmp enable outside

isakmp key ******** address <remote public ip> netmask no-xauth

isakmp identity address

isakmp policy 1 authentication pre-share

isakmp policy 1 encryption des

isakmp policy 1 hash sha

isakmp policy 1 group 1

isakmp policy 1 lifetime 3200

<VPN config between site A and PPTP users>

access-list nonat permit ip

ip local pool vpn-clients (pool for PPTP clients)

sysopt connection permit-pptp

vpdn group 1 accept dialin pptp

vpdn group 1 ppp authentication pap

vpdn group 1 ppp authentication chap

vpdn group 1 ppp authentication mschap

vpdn group 1 ppp encryption mppe auto

vpdn group 1 client configuration address local vpn-clients

vpdn group 1 client configuration dns <ISP DNS IPs>

vpdn group 1 pptp echo 300

vpdn group 1 client authentication local

vpdn username test password password1

vpdn enable outside

Appreciate your time on this

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
techtips03 Mon, 12/10/2007 - 08:39

Please ignore this post. I installed this yesterday and it is looking good for now. This may help for someone who want to install in the same manner


This Discussion