PIX 501 VPN HELP NO NETWORK ACCESS!

Unanswered Question
Feb 10th, 2012

I need some help please..

I am trying to connect Windows 7 VPN to L2TP access on the PIX 501. I know that the PIX 501 doesn't allow MSCHAP v2. The VPN connects fine, but when trying to access the local network, shared drives, and remote desktop I am not able to connect. I already have the IPv4 / IPv6 IP settings on the VPN for "Use default gateway on remote network" unchecked. Can you please help me configure this correctly if I am configuring it incorrectly?

PIX Version 6.3(4)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd ANRIhDDsTteQmCkO encrypted
hostname pixfirewall
domain-name controller.hopto.org
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list out2in permit tcp any interface outside eq www
access-list out2in permit tcp any interface outside eq https
access-list out2in permit tcp any interface outside eq 3074
access-list out2in permit udp any interface outside eq 88
access-list out2in permit udp any interface outside eq 3074
access-list out2in permit udp any interface outside eq domain
access-list out2in permit tcp any interface outside eq domain
access-list out2in permit udp any interface outside eq 1701
access-list nonat permit ip 192.168.1.0 255.255.255.0 172.17.130.0 255.255.255.192
access-list vpn-cryptomap permit ip any 172.17.130.0 255.255.255.0
pager lines 24
logging on
logging timestamp
logging standby
logging buffered informational
logging trap informational
mtu outside 1500
mtu inside 1500
ip address outside dhcp setroute
ip address inside 192.168.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool l2tp-pool 172.17.130.1-172.17.130.254
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 192.168.1.0 255.255.255.0 0 0
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp interface www 192.168.1.33 www netmask 255.255.255.255 0 0
static (inside,outside) tcp interface https 192.168.1.2 https netmask 255.255.255.255 0 0
static (inside,outside) tcp interface domain 192.168.1.30 domain netmask 255.255.255.255 0 0
static (inside,outside) udp interface domain 192.168.1.30 domain netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3074 192.168.1.30 3074 netmask 255.255.255.255 0 0
static (inside,outside) udp interface 3074 192.168.1.30 3074 netmask 255.255.255.255 0 0
static (inside,outside) udp interface 88 192.168.1.30 88 netmask 255.255.255.255 0 0
access-group out2in in interface outside
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
sysopt connection permit-l2tp
crypto ipsec transform-set cisco-l2tp esp-3des esp-sha-hmac
crypto ipsec transform-set cisco-l2tp mode transport
crypto dynamic-map l2tp 30 set transform-set cisco-l2tp
crypto map dmu 30 ipsec-isakmp dynamic l2tp
crypto map dmu interface outside
isakmp enable outside
isakmp key ******** address 0.0.0.0 netmask 0.0.0.0
isakmp identity address
isakmp nat-traversal 20
isakmp policy 5 authentication pre-share
isakmp policy 5 encryption 3des
isakmp policy 5 hash sha
isakmp policy 5 group 2
isakmp policy 5 lifetime 28800
telnet timeout 5
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 15
console timeout 0
vpdn group 2 accept dialin l2tp
vpdn group 2 ppp authentication pap
vpdn group 2 client configuration address local l2tp-pool
vpdn group 2 client authentication local
vpdn group 2 l2tp tunnel hello 60
vpdn username Brandon password *********
vpdn enable outside
dhcpd address 192.168.1.2-192.168.1.33 inside
dhcpd dns 4.2.2.1 4.2.2.2
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
dhcpd enable inside
username Brandon password PX78ZeD.LCbQntqy encrypted privilege 15
terminal width 80
Cryptochecksum:6e43dff6ef4837997276c092f9204707
: end

Thanks,

Brandon

Posted February 10, 2012 at 9:27 PM
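
An added example, not part of the original post: a Python consistency check that compares the `ip local pool` range with the destination network of the ACL used for NAT exemption (`nat (inside) 0`), using lines copied from the configuration above. The function names are hypothetical, and the check only reports address ranges the ACL does not cover.

```python
import ipaddress
import re

# Lines copied from the configuration posted above.
CONFIG = """\
access-list nonat permit ip 192.168.1.0 255.255.255.0 172.17.130.0 255.255.255.192
access-list vpn-cryptomap permit ip any 172.17.130.0 255.255.255.0
ip local pool l2tp-pool 172.17.130.1-172.17.130.254
nat (inside) 0 access-list nonat
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"

def pool_range(config, name):
    """Return (first, last) address of the named 'ip local pool'."""
    m = re.search(rf"^ip local pool {re.escape(name)} {IP}-{IP}$", config, re.M)
    if m is None:
        raise ValueError(f"pool {name!r} not found")
    return ipaddress.ip_address(m.group(1)), ipaddress.ip_address(m.group(2))

def acl_destinations(config, acl):
    """Destination networks of the 'permit ip <src> <dst> <mask>' entries of an ACL."""
    pat = rf"^access-list {re.escape(acl)} permit ip .* {IP} {IP}$"
    return [ipaddress.ip_network(f"{net}/{mask}")
            for net, mask in re.findall(pat, config, re.M)]

def nat_exempt_acl(config):
    """Name of the ACL referenced by 'nat (inside) 0 access-list ...', or None."""
    m = re.search(r"^nat \(inside\) 0 access-list (\S+)$", config, re.M)
    return m.group(1) if m else None

def uncovered(config, pool, acl):
    """CIDR blocks of the pool that no destination entry of the ACL contains."""
    first, last = pool_range(config, pool)
    nets = acl_destinations(config, acl)
    blocks = ipaddress.summarize_address_range(first, last)
    return [b for b in blocks if not any(b.subnet_of(n) for n in nets)]

if __name__ == "__main__":
    acl = nat_exempt_acl(CONFIG)
    for block in uncovered(CONFIG, "l2tp-pool", acl):
        print(f"pool block {block} is not matched by access-list {acl}")
```

On the posted lines, the `nonat` entry ends at 172.17.130.63 while the pool runs to 172.17.130.254, so pool addresses from .64 upward fall outside the NAT exemption.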