Pix 501 Road Warrior config...

Unanswered Question
Mar 25th, 2008

I am trying to setup a PIX 501 so that remote users can dial in to access then network. I used a sample config to create my current config and would like anyone to point out errors or make suggestions. I have attached my config. I would appreciate any help.

Local network = 192.168.3.0/24

PIX LAN IP = 192.168.3.12

Also, do you have to use the Cisco VPN Client to connect or can you use the built in XP/Vista L2TP client? The built in client ask for a username, password and domain and I was not sure what to put in that case since I am connecting to a VPN appliance.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
i-kendall Sun, 03/30/2008 - 08:23

At first glance, the problem is the line crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20

This stops the remote clients attaching as they do not match the access list when they first connect. Leave this line out and see if that is any better. Let me know and I will look more closely if it still does not work.

You could do L2TP, but I always think IPSEC with the client is more secure and is easy to configure on the client end, just install the client software, import the profile and click.

i-kendall Sun, 03/30/2008 - 08:26

Also noticed that you have no

isakmp key ******** address 0.0.0.0 netmask 255.255.255.255 no-xauth

command.

Actions

This Discussion