I am trying to create a VPN between 2 locations (site A & site B) on PIX506E and at the same time I am also configuring the same PIX for remote VPN users to use Microsoft PPTP VPN to connect to Site A. Can someone please confirm if this config works?
ip address outside <public ip> 255.255.255.240
ip address inside 172.16.1.1 255.255.255.0
nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface
<VPN config between site A and site B>
<172.16.2.x is the site B LAN range>
access-list nonat permit ip 172.16.1.0 255.255.255.0 172.16.2.0 255.255.255.0
access-list outside_cryptomap_vpn1 permit ip 172.16.1.0 255.255.255.0 172.16.2.0 255.255.255.0
sysopt connection permit-ipsec
crypto ipsec transform-set vpn1 esp-3des esp-sha-hmac
crypto map VCVPN 1 ipsec-isakmp
crypto map VCVPN 1 match address outside_cryptomap_vpn1
crypto map VCVPN 1 set pfs
crypto map VCVPN 1 set peer <remote public ip>
crypto map VCVPN 1 set transform-set vpn1
crypto map VCVPN interface outside
isakmp enable outside
isakmp key ******** address <remote public ip> netmask 255.255.255.255 no-xauth
isakmp identity address
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption des
isakmp policy 1 hash sha
isakmp policy 1 group 1
isakmp policy 1 lifetime 3200
<VPN config between site A and PPTP users>
access-list nonat permit ip 172.16.1.0 255.255.255.0 192.168.1.0 255.255.255.0
ip local pool vpn-clients 192.168.1.10-192.168.1.50 (pool for PPTP clients)
sysopt connection permit-pptp
vpdn group 1 accept dialin pptp
vpdn group 1 ppp authentication pap
vpdn group 1 ppp authentication chap
vpdn group 1 ppp authentication mschap
vpdn group 1 ppp encryption mppe auto
vpdn group 1 client configuration address local vpn-clients
vpdn group 1 client configuration dns <ISP DNS IPs>
vpdn group 1 pptp echo 300
vpdn group 1 client authentication local
vpdn username test password password1
vpdn enable outside
Appreciate your time on this.
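An added example, not part of the original post: a small Python check over the settings posted above. It flags the IKE phase 1 and PPTP authentication choices that are weaker than the rest of the config, and verifies that every transform set, access list and address pool referred to by name is actually defined. The sample text is copied from the post with the placeholder lines left out; `audit`, `WEAK` and `REFS` are names made up for this example.

```python
import re

# Sample input: lines copied from the post above (placeholder lines omitted).
SAMPLE = """\
access-list outside_cryptomap_vpn1 permit ip 172.16.1.0 255.255.255.0 172.16.2.0 255.255.255.0
crypto ipsec transform-set vpn1 esp-3des esp-sha-hmac
crypto map VCVPN 1 match address outside_cryptomap_vpn1
crypto map VCVPN 1 set transform-set vpn1
isakmp policy 1 encryption des
isakmp policy 1 hash sha
isakmp policy 1 group 1
ip local pool vpn-clients 192.168.1.10-192.168.1.50
vpdn group 1 ppp authentication pap
vpdn group 1 ppp authentication chap
vpdn group 1 ppp authentication mschap
vpdn group 1 ppp encryption mppe auto
vpdn group 1 client configuration address local vpn-clients
"""

# (pattern, finding) pairs for settings weaker than the rest of the config.
WEAK = [
    (r"^isakmp policy \d+ encryption des$", "IKE phase 1 uses single DES (56-bit key)"),
    (r"^isakmp policy \d+ group 1$", "IKE phase 1 uses Diffie-Hellman group 1 (768-bit)"),
    (r"^vpdn group \S+ ppp authentication pap$", "PPTP accepts PAP (password sent in cleartext)"),
]
# (line that refers to a name, prefix of the line that must define it).
# Only the first name after "set transform-set" is checked.
REFS = [
    (r"^crypto map \S+ \d+ set transform-set (\S+)", "crypto ipsec transform-set {}"),
    (r"^crypto map \S+ \d+ match address (\S+)", "access-list {}"),
    (r"^vpdn group \S+ client configuration address local (\S+)", "ip local pool {}"),
]

def audit(config):
    """Return a list of findings for a PIX-style configuration text."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    findings = []
    for line in lines:
        for pat, msg in WEAK:
            if re.match(pat, line):
                findings.append(f"weak: {msg}")
        for pat, tmpl in REFS:
            m = re.match(pat, line)
            if m and not any(d.startswith(tmpl.format(m.group(1)) + " ") for d in lines):
                findings.append(f"undefined: {line}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

On the posted settings this reports the three weak items and no undefined references: phase 2 is set to `esp-3des` while phase 1 negotiates with `des` and `group 1`, so the key exchange is the weaker half of the tunnel.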