
Problem in Configuring Dynamic VPN in the PIX

udayashankarsg
Level 1

Hi All,

I am having a problem configuring a dynamic VPN on my PIX, which has the 7.2 version of IOS, but I am able to work with the same configuration on the PIX which has the 6.3 version. I just want a user from outside my network, using the VPN client, to access the resources inside my network. Below is my configuration. Is it OK, or do I need to do anything more? Please advise me.

ip local pool vpnpool1 192.168.170.1-192.168.170.254

crypto dynamic-map map2 20 set transform-set guatemala1

crypto map map1 20 ipsec-isakmp dynamic map2

crypto ipsec transform-set guatemala1 esp-aes-256 esp-sha-hmac

isakmp policy 20 authentication pre-share

isakmp policy 20 encryption aes-256

isakmp policy 20 hash sha

isakmp policy 20 group 2

isakmp policy 20 lifetime 86400

vpngroup Guatemalavpn address-pool vpnpool1

vpngroup Guatemalavpn split-tunnel inside_nat0_outbound

vpngroup Guatemalavpn idle-time 36000

vpngroup Guatemalavpn password xxxxxxx

access-list outside_acl permit tcp 192.168.170.0 255.255.255.0 172.19.10.0 255.255.255.0

route outside 192.168.170.0 255.255.255.0 200.30.222.65

access-list inside_nat0_outbound extended permit ip any 192.168.170.0 255.255.255.0

access-list inside_nat0_outbound extended permit ip 172.19.10.0 255.255.255.0 192.168.170.0 255.255.255.0

access-list 102 permit ip 172.19.10.0 255.255.255.0 192.168.170.0 255.255.255.0

nat (inside) 0 access-list inside_nat0_outbound

2 Replies

udayashankarsg
Level 1

Anyone, please help me.

Try it and tell me if it works:

ip local pool vpnpool1 192.168.170.1-192.168.170.254

access-list inside_nat0_outbound extended permit ip 172.19.10.0 255.255.255.0 192.168.170.0 255.255.255.0

access-list acl-inside extended permit ip 172.19.10.0 255.255.255.0 192.168.170.0 255.255.255.0

access-group acl-inside in interface inside

nat (inside) 0 access-list inside_nat0_outbound

group-policy Guatemalavpn internal

group-policy Guatemalavpn attributes

wins-server value xx.xx.xx.xx

dns-server value xx.xx.xx.xx

default-domain value mydomain.com

crypto ipsec transform-set guatemala1 esp-aes-256 esp-sha-hmac

crypto dynamic-map map2 20 set transform-set guatemala1

crypto map map1 20 ipsec-isakmp dynamic map2

crypto map map1 interface outside

crypto isakmp identity address

crypto isakmp enable outside

isakmp policy 20 authentication pre-share

isakmp policy 20 encryption aes-256

isakmp policy 20 hash sha

isakmp policy 20 group 2

isakmp policy 20 lifetime 86400

tunnel-group Guatemalavpn type ipsec-ra

tunnel-group Guatemalavpn general-attributes

address-pool vpnpool1

default-group-policy Guatemalavpn

tunnel-group Guatemalavpn ipsec-attributes

pre-shared-key *

route outside 192.168.170.0 255.255.255.0 200.30.222.65
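Added example, not written by either poster: a Python helper that rewrites the 6.3-style vpngroup lines from the question into the group-policy / tunnel-group form the reply uses. The split-tunnel-policy, split-tunnel-network-list and vpn-idle-timeout lines do not appear in the reply; they are assumed here as the 7.x counterparts of the question's split-tunnel and idle-time settings, with idle-time converted from seconds to minutes.

```python
import re

# Constructed sample: the vpngroup lines from the question (key already masked there).
LEGACY = """\
vpngroup Guatemalavpn address-pool vpnpool1
vpngroup Guatemalavpn split-tunnel inside_nat0_outbound
vpngroup Guatemalavpn idle-time 36000
vpngroup Guatemalavpn password xxxxxxx
"""

SUPPORTED = {"address-pool", "split-tunnel", "idle-time", "password"}

def convert_vpngroup(config):
    """Translate 6.3 'vpngroup' lines into 7.x group-policy/tunnel-group commands."""
    groups = {}
    for line in config.splitlines():
        m = re.match(r"\s*vpngroup\s+(\S+)\s+(\S+)\s+(.+?)\s*$", line)
        if not m:
            continue  # not a vpngroup line; leave other commands to the operator
        name, key, value = m.groups()
        if key not in SUPPORTED:
            raise ValueError(f"unhandled vpngroup option: {key}")  # never drop silently
        groups.setdefault(name, {})[key] = value
    out = []
    for name, opts in groups.items():
        out += [f"group-policy {name} internal", f"group-policy {name} attributes"]
        if "split-tunnel" in opts:
            out += [" split-tunnel-policy tunnelspecified",
                    f" split-tunnel-network-list value {opts['split-tunnel']}"]
        if "idle-time" in opts:
            # 6.3 idle-time is in seconds; 7.x vpn-idle-timeout is in minutes.
            out.append(f" vpn-idle-timeout {max(1, int(opts['idle-time']) // 60)}")
        out += [f"tunnel-group {name} type ipsec-ra",
                f"tunnel-group {name} general-attributes"]
        if "address-pool" in opts:
            out.append(f" address-pool {opts['address-pool']}")
        out.append(f" default-group-policy {name}")
        if "password" in opts:
            out += [f"tunnel-group {name} ipsec-attributes",
                    f" pre-shared-key {opts['password']}"]
    return out

if __name__ == "__main__":
    print("\n".join(convert_vpngroup(LEGACY)))
```

The generated lines cover only the vpngroup commands; the crypto map binding and ISAKMP enable lines shown in the reply still have to be present on the 7.2 unit.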
