07-11-2008 05:22 PM - edited 02-21-2020 03:49 PM
trying to set up remote access vpn on a pix 5.1...its not passing phase I from the log...i cant find any sample configs because of the old ios...can anybody assist?
here are my configs
access-list 101 permit ip 10.100.55.0 255.255.255.0 host 192.168.1.5
ip local pool ippool 192.168.1.5
nat (inside) 0 access-list 101
sysopt connection permit-ipsec
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set myset
crypto map mymap 10 ipsec-isakmp dynamic dynmap
crypto map mymap interface outside
isakmp enable outside
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpdn group vpn3000 client configuration address local ippool
vpdn group vpn3000 client authentication local
vpdn username test password test
vpdn enable outside
part debug from vpn client
19 21:20:25.921 07/11/08 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 70.10.10.10
20 21:20:30.921 07/11/08 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=3231146C45A1D30D R_Cookie=2E0C2AA3E260CF4F) reason = DEL_REASON_PEER_NOT_RESPONDING
21 21:20:31.421 07/11/08 Sev=Info/4 IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=3231146C45A1D30D R_Cookie=2E0C2AA3E260CF4F) reason = DEL_REASON_PEER_NOT_RESPONDING
22 21:20:31.421 07/11/08 Sev=Info/4 CM/0x63100014
Unable to establish Phase 1 SA with server "70.10.10.10" because of "DEL_REASON_PEER_NOT_RESPONDING"
23 21:20:31.421 07/11/08 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv
24 21:20:31.452 07/11/08 Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection
07-12-2008 03:04 AM
try to upgrede to 6.3 or higher...
07-12-2008 03:17 AM
i would like to but my box dont meet the specs....
pixfirewall# sh ver
Cisco Secure PIX Firewall Version 5.1(4)
Compiled on Mon 02-Oct-00 07:19 by morlee
Finesse Bios V3.3
pixfirewall up 14 hours 41 mins
Hardware: SE440BX2, 128 MB RAM, CPU Pentium II 349 MHz
Flash AT29C040A @ 0x300, 2MB
BIOS Flash AM28F256 @ 0xfffd8000, 32KB
07-12-2008 05:44 AM
try these command but not sure
isakmp client configuration address-pool local ippool outside
AHA BECAREFULL not VPDN group
MAKE it "VPNGROUP"
it should be like
vpngroup vpn3000 address-pool ippool
vpngroup vpn3000 idle-time 1800
vpngroup vpn3000 password (ur group password)
also add the following
crypto map mymap client authentication LOCAL
and remove all the vpdn commands
good luck
Rate if helpful
07-12-2008 06:03 AM
yeah, i would like to try the vpngroup....but v5.1 doesnt have that command, just vpdn syntax
07-13-2008 01:07 PM
07-13-2008 01:48 PM
thanks, ill take a look...
i always rate....if it helps
thanks again
07-13-2008 05:04 PM
man, that second link was perfect...but i dont think im going to have any luck...vpn client v1.1, which they use, is very different from 4.0...there are no options in 4.0 to set the security policy...i guess i am out of luck...ill just have to upgrade the pix, if i can...
thanks for everybodys help
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: