help with pix 5.1....remote access vpn

Unanswered Question
Jul 11th, 2008

Trying to set up remote access VPN on a PIX 5.1... it's not passing Phase I from the log... I can't find any sample configs because of the old IOS... can anybody assist?


here are my configs





access-list 101 permit ip 10.100.55.0 255.255.255.0 host 192.168.1.5


ip local pool ippool 192.168.1.5


nat (inside) 0 access-list 101


sysopt connection permit-ipsec

crypto ipsec transform-set myset esp-des esp-md5-hmac

crypto dynamic-map dynmap 10 set transform-set myset

crypto map mymap 10 ipsec-isakmp dynamic dynmap

crypto map mymap interface outside

isakmp enable outside

isakmp identity address

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption des

isakmp policy 10 hash md5

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400


vpdn group vpn3000 client configuration address local ippool

vpdn group vpn3000 client authentication local

vpdn username test password test

vpdn enable outside




part debug from vpn client


19 21:20:25.921 07/11/08 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK AG (Retransmission) to 70.10.10.10


20 21:20:30.921 07/11/08 Sev=Info/4 IKE/0x63000017

Marking IKE SA for deletion (I_Cookie=3231146C45A1D30D R_Cookie=2E0C2AA3E260CF4F) reason = DEL_REASON_PEER_NOT_RESPONDING


21 21:20:31.421 07/11/08 Sev=Info/4 IKE/0x6300004B

Discarding IKE SA negotiation (I_Cookie=3231146C45A1D30D R_Cookie=2E0C2AA3E260CF4F) reason = DEL_REASON_PEER_NOT_RESPONDING


22 21:20:31.421 07/11/08 Sev=Info/4 CM/0x63100014

Unable to establish Phase 1 SA with server "70.10.10.10" because of "DEL_REASON_PEER_NOT_RESPONDING"


23 21:20:31.421 07/11/08 Sev=Info/5 CM/0x63100025

Initializing CVPNDrv


24 21:20:31.452 07/11/08 Sev=Info/4 IKE/0x63000001

IKE received signal to terminate VPN connection



Overall Rating: 4 (1 ratings)
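
An added example, not part of the original thread: a small Python parser for the VPN client log format shown in the first post. It pairs each header line with its message and reports retransmissions, the affected IKE SA cookies and the Phase 1 failure reason. `SAMPLE` is entries 19 to 22 copied from that post; the function names are this example's own.

```python
import re

# Entry header: "<seq> <time> <date> Sev=<level> <module>/<code>"; the message is on the next line.
HEADER = re.compile(r"^(?P<seq>\d+)\s+(?P<time>[\d:.]+)\s+(?P<date>[\d/]+)\s+"
                    r"Sev=(?P<sev>\w+/\d+)\s+(?P<module>\w+)/(?P<code>0x[0-9A-Fa-f]+)$")
COOKIES = re.compile(r"I_Cookie=([0-9A-F]+) R_Cookie=([0-9A-F]+)")
REASON = re.compile(r'reason = (\w+)|because of "(\w+)"')

# Entries 19-22 copied from the first post of this thread.
SAMPLE = """
19 21:20:25.921 07/11/08 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 70.10.10.10
20 21:20:30.921 07/11/08 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=3231146C45A1D30D R_Cookie=2E0C2AA3E260CF4F) reason = DEL_REASON_PEER_NOT_RESPONDING
21 21:20:31.421 07/11/08 Sev=Info/4 IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=3231146C45A1D30D R_Cookie=2E0C2AA3E260CF4F) reason = DEL_REASON_PEER_NOT_RESPONDING
22 21:20:31.421 07/11/08 Sev=Info/4 CM/0x63100014
Unable to establish Phase 1 SA with server "70.10.10.10" because of "DEL_REASON_PEER_NOT_RESPONDING"
"""

def parse_entries(text):
    """Yield one dict per log entry, joining the message lines that follow each header."""
    entry = None
    for line in (raw.strip() for raw in text.splitlines()):
        m = HEADER.match(line)
        if m:
            if entry:
                yield entry
            entry = dict(m.groupdict(), message="")
        elif entry and line:  # blank lines between entries are skipped
            entry["message"] = (entry["message"] + " " + line).strip()
    if entry:
        yield entry

def summarize(text):
    """Collect retransmission count, peer address, SA cookie pairs and failure reasons."""
    out = {"retransmissions": 0, "peer": None, "sas": set(), "reasons": set()}
    for e in parse_entries(text):
        msg = e["message"]
        if "(Retransmission)" in msg:
            out["retransmissions"] += 1
            out["peer"] = msg.rsplit(" to ", 1)[-1]
        c = COOKIES.search(msg)
        if c:
            out["sas"].add((c.group(1), c.group(2)))
        r = REASON.search(msg)
        if r:
            out["reasons"].add(r.group(1) or r.group(2))
    return out

if __name__ == "__main__":
    print(summarize(SAMPLE))
```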
a.alekseev Sat, 07/12/2008 - 03:04

try to upgrade to 6.3 or higher...

szajihsaniatan Sat, 07/12/2008 - 03:17

I would like to, but my box doesn't meet the specs....


pixfirewall# sh ver


Cisco Secure PIX Firewall Version 5.1(4)

Compiled on Mon 02-Oct-00 07:19 by morlee

Finesse Bios V3.3


pixfirewall up 14 hours 41 mins


Hardware: SE440BX2, 128 MB RAM, CPU Pentium II 349 MHz

Flash AT29C040A @ 0x300, 2MB

BIOS Flash AM28F256 @ 0xfffd8000, 32KB

Marwan ALshawi Sat, 07/12/2008 - 05:44

try these commands but not sure


isakmp client configuration address-pool local ippool outside


AHA, BE CAREFUL: not VPDN group

MAKE it "VPNGROUP"

it should be like


vpngroup vpn3000 address-pool ippool

vpngroup vpn3000 idle-time 1800

vpngroup vpn3000 password (ur group password)


also add the following

crypto map mymap client authentication LOCAL


and remove all the vpdn commands


good luck


Rate if helpful

szajihsaniatan Sat, 07/12/2008 - 06:03

Yeah, I would like to try the vpngroup.... but v5.1 doesn't have that command, just vpdn syntax

szajihsaniatan Sun, 07/13/2008 - 13:48

Thanks, I'll take a look...


I always rate.... if it helps


thanks again

szajihsaniatan Sun, 07/13/2008 - 17:04

Man, that second link was perfect... but I don't think I'm going to have any luck... VPN client v1.1, which they use, is very different from 4.0... there are no options in 4.0 to set the security policy... I guess I am out of luck... I'll just have to upgrade the PIX, if I can...


Thanks for everybody's help
