Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
799
Views
0
Helpful
10
Replies

Remote access VPN pix version 8.0(3)

Go to solution
j-baptistamartins
Level 1
Level 1

‎07-19-2008 02:35 AM - edited ‎02-21-2020 03:50 PM

Hi All

First I would like to thank to all forum members that help me in several posts about pix 515 configuration.

I am trying to configure now a Remote access VPN with radius authentication to my corporate network, but I can't connect.

I am using cisco vpn client 5.0.03.0560., I also tested my radius server authentication from pix (inside) and is working fine.

I already tried to retype the key from cli,but i still can't get the remote access vpn to work.

I also tried to create another remote vpn with another name and local authentication but i get the same problem.

I am using pix version 8.0(3).

Can anyone help-me

I attach the log file from cisco vpn cliente to help troubleshoot the problem, as well a configuration file from pix.

Thank you so much in advance and I will be looking forward for the information.

Labels:
Preview file
3 KB
Preview file
11 KB
0 Helpful
1 Accepted Solution

Accepted Solutions
10 Replies 10

Go to solution
a.alekseev
Level 7
Level 7

‎07-19-2008 06:16 AM

show debug on the PIX

deb crypto isakmp 10

deb crypto ipsec 10

0 Helpful

Go to solution
j-baptistamartins
Level 1
Level 1

‎07-19-2008 06:47 AM

pix show debug command result in the attachment file

thanks

Preview file
12 KB
0 Helpful

Go to solution
a.alekseev
Level 7
Level 7
In response to j-baptistamartins

‎07-19-2008 07:05 AM

try to add

crypto isakmp policy 5

authentication pre-share

encryption 3des

hash md5

group 2

lifetime 86400

crypto isakmp nat-traversal

clear crypto isakmp sa

clear crypto ipsec sa

and try again

and show the output

deb crypto isakmp 255

0 Helpful

Go to solution
j-baptistamartins
Level 1
Level 1
In response to a.alekseev

‎07-19-2008 07:21 AM

here it goes

the information requested

Preview file
9 KB
0 Helpful

Go to solution
a.alekseev
Level 7
Level 7
In response to j-baptistamartins

‎07-19-2008 07:50 AM

did you get username and password prompt on the client?

could you test the authentication

test aaa-server authentication my_authent_grp username XXX password XXX

0 Helpful

Go to solution
j-baptistamartins
Level 1
Level 1
In response to a.alekseev

‎07-19-2008 10:05 AM

i tested aaa-server authetication from inside, and it works.

but when i use cisco vpn cliente to access to my corporate network the cliente dosen't ask the username and password for the aaa-server.

0 Helpful

Go to solution
a.alekseev
Level 7
Level 7
In response to j-baptistamartins

‎07-20-2008 02:35 AM

try to remove

no crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs

clear crypto isakmp sa

0 Helpful

Go to solution
j-baptistamartins
Level 1
Level 1
In response to a.alekseev

‎07-21-2008 09:52 AM

Its working, as soon as i put the PIX Firewall Activation Key for 3des (my mistake), and change the connection to 3des as you posted (a.alekseev) the vpn start working .

The only problem i have is the following to be able to connect to my corporate network i have to use any ip address scope, if i trie to use my internel dhcp server e can't get an ip address to the vpn cliente.

0 Helpful

Go to solution
j-baptistamartins
Level 1
Level 1
In response to a.alekseev

‎07-23-2008 02:42 PM

Thank You for your help now pix is working fine.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents