help with pix 5.1....remote access vpn

mrSS · ‎07-11-2008

trying to set up remote access vpn on a pix 5.1...its not passing phase I from the log...i cant find any sample configs because of the old ios...can anybody assist?

here are my configs

access-list 101 permit ip 10.100.55.0 255.255.255.0 host 192.168.1.5

ip local pool ippool 192.168.1.5

nat (inside) 0 access-list 101

sysopt connection permit-ipsec

crypto ipsec transform-set myset esp-des esp-md5-hmac

crypto dynamic-map dynmap 10 set transform-set myset

crypto map mymap 10 ipsec-isakmp dynamic dynmap

crypto map mymap interface outside

isakmp enable outside

isakmp identity address

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption des

isakmp policy 10 hash md5

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

vpdn group vpn3000 client configuration address local ippool

vpdn group vpn3000 client authentication local

vpdn username test password test

vpdn enable outside

part debug from vpn client

19 21:20:25.921 07/11/08 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK AG (Retransmission) to 70.10.10.10

20 21:20:30.921 07/11/08 Sev=Info/4 IKE/0x63000017

Marking IKE SA for deletion (I_Cookie=3231146C45A1D30D R_Cookie=2E0C2AA3E260CF4F) reason = DEL_REASON_PEER_NOT_RESPONDING

21 21:20:31.421 07/11/08 Sev=Info/4 IKE/0x6300004B

Discarding IKE SA negotiation (I_Cookie=3231146C45A1D30D R_Cookie=2E0C2AA3E260CF4F) reason = DEL_REASON_PEER_NOT_RESPONDING

22 21:20:31.421 07/11/08 Sev=Info/4 CM/0x63100014

Unable to establish Phase 1 SA with server "70.10.10.10" because of "DEL_REASON_PEER_NOT_RESPONDING"

23 21:20:31.421 07/11/08 Sev=Info/5 CM/0x63100025

Initializing CVPNDrv

24 21:20:31.452 07/11/08 Sev=Info/4 IKE/0x63000001

IKE received signal to terminate VPN connection

a.alekseev · ‎07-12-2008

try to upgrede to 6.3 or higher...

mrSS · ‎07-12-2008

i would like to but my box dont meet the specs....

pixfirewall# sh ver

Cisco Secure PIX Firewall Version 5.1(4)

Compiled on Mon 02-Oct-00 07:19 by morlee

Finesse Bios V3.3

pixfirewall up 14 hours 41 mins

Hardware: SE440BX2, 128 MB RAM, CPU Pentium II 349 MHz

Flash AT29C040A @ 0x300, 2MB

BIOS Flash AM28F256 @ 0xfffd8000, 32KB

Marwan ALshawi · ‎07-12-2008

try these command but not sure

isakmp client configuration address-pool local ippool outside

AHA BECAREFULL not VPDN group

MAKE it "VPNGROUP"

it should be like

vpngroup vpn3000 address-pool ippool

vpngroup vpn3000 idle-time 1800

vpngroup vpn3000 password (ur group password)

also add the following

crypto map mymap client authentication LOCAL

and remove all the vpdn commands

good luck

Rate if helpful

mrSS · ‎07-12-2008

yeah, i would like to try the vpngroup....but v5.1 doesnt have that command, just vpdn syntax

a.alekseev · ‎07-13-2008

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v51/config/advanced.htm#xtocid20

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v51/config/examples.htm#xtocid31

[Pls RATE if HELPS]

mrSS · ‎07-13-2008

thanks, ill take a look...

i always rate....if it helps

thanks again

mrSS · ‎07-13-2008

man, that second link was perfect...but i dont think im going to have any luck...vpn client v1.1, which they use, is very different from 4.0...there are no options in 4.0 to set the security policy...i guess i am out of luck...ill just have to upgrade the pix, if i can...

thanks for everybodys help