Remote access VPN pix version 8.0(3)

Answered Question
Jul 19th, 2008

Hi All

First, I would like to thank all the forum members who helped me in several posts about PIX 515 configuration.

I am now trying to configure a remote access VPN with RADIUS authentication to my corporate network, but I can't connect.

I am using Cisco VPN Client 5.0.03.0560. I also tested my RADIUS server authentication from the PIX (inside) and it is working fine.

I already tried retyping the key from the CLI, but I still can't get the remote access VPN to work.

I also tried to create another remote VPN with another name and local authentication, but I get the same problem.

I am using PIX version 8.0(3).

Can anyone help me?

I attach the log file from the Cisco VPN Client to help troubleshoot the problem, as well as a configuration file from the PIX.

Thank you so much in advance. I will be looking forward to the information.

a.alekseev Sat, 07/19/2008 - 06:16

Show debug on the PIX:

deb crypto isakmp 10
deb crypto ipsec 10

a.alekseev Sat, 07/19/2008 - 07:05

Try to add:

crypto isakmp policy 5
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
crypto isakmp nat-traversal

clear crypto isakmp sa
clear crypto ipsec sa

and try again, and show the output:

deb crypto isakmp 255

a.alekseev Sat, 07/19/2008 - 07:50

Did you get a username and password prompt on the client?

Could you test the authentication:

test aaa-server authentication my_authent_grp username XXX password XXX

j-baptistamartins Sat, 07/19/2008 - 10:05

I tested aaa-server authentication from inside, and it works.

But when I use the Cisco VPN Client to access my corporate network, the client doesn't ask for the username and password for the aaa-server.

a.alekseev Sun, 07/20/2008 - 02:35

Try to remove:

no crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs

clear crypto isakmp sa

j-baptistamartins Mon, 07/21/2008 - 09:52

It's working. As soon as I put in the PIX Firewall Activation Key for 3DES (my mistake) and changed the connection to 3DES as you posted (a.alekseev), the VPN started working.

The only problem I have is the following: to be able to connect to my corporate network I have to use any IP address scope; if I try to use my internal DHCP server, I can't get an IP address for the VPN client.
