Remote vpn problem with Pix501

Dec 5th, 2006

We have successfully created a VPN connection, but data doesn't move and we cannot ping any computers on the network.

What is wrong with my configuration?


PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password xxx
passwd xxx
hostname pixfirewall
domain-name ciscopix.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
name 192.168.1.0 NAT
access-list 101 permit ip 10.1.1.0 255.255.255.0 10.1.2.0 255.255.255.0
pager lines 60
logging on
logging console debugging
mtu outside 1500
mtu inside 1500
ip address outside 83.x.x.212 255.255.255.0
ip address inside 10.10.10.150 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool ippool 10.10.12.1-10.10.12.240
pdm location 83.145.x.x.255.255.255 outside
pdm location 10.10.10.0 255.255.255.0 inside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list 101
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
route outside 0.0.0.0 0.0.0.0 83.145.227.254 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http NAT 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set myset
crypto map mymap 10 ipsec-isakmp dynamic dynmap
crypto map mymap interface outside
isakmp enable outside
isakmp identity address
isakmp nat-traversal 20
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup vpn3000 address-pool ippool
vpngroup vpn3000 dns-server 10.10.10.2
vpngroup vpn3000 wins-server 10.10.10.2
vpngroup vpn3000 default-domain cisco.com
vpngroup vpn3000 split-tunnel 101
vpngroup vpn3000 idle-time 1800
vpngroup vpn3000 password ********
telnet timeout 5
ssh 83.145.x.x.255.255.0 outside
ssh 83.145.x.x.255.255.0 inside
ssh timeout 5
console timeout 0
terminal width 120
Cryptochecksum:4xxx

haddaralsaqqaf Tue, 12/05/2006 - 03:53

The access-list 101 is permitting 10.1.2.0/24, and the pool for the client is 10.10.12.0/24; you should allow 10.10.12.0/24.


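A small config lint that reproduces the check made in the reply above, written for this thread (it is not Cisco's tooling nor the poster's code): it reads the few statements that matter from the posted PIX 6.3 configuration and reports when the access-list referenced by both `nat (inside) 0` and `vpngroup ... split-tunnel` fails to cover inside network -> client pool. The config excerpt is constructed from the question's configuration; the check also catches a missing `nat 0` or split-tunnel reference, which the reply does not discuss.

```python
import ipaddress
import re

# Constructed excerpt of the PIX 6.3 config from the question (only the lines the check needs).
PIX_CONFIG = """\
ip address inside 10.10.10.150 255.255.255.0
ip local pool ippool 10.10.12.1-10.10.12.240
access-list 101 permit ip 10.1.1.0 255.255.255.0 10.1.2.0 255.255.255.0
nat (inside) 0 access-list 101
vpngroup vpn3000 address-pool ippool
vpngroup vpn3000 split-tunnel 101
"""

def parse(config):
    """Collect inside subnet, client pools, permit ACEs and the two ACL references."""
    acls, pools, facts = {}, {}, {}
    for line in config.splitlines():
        if m := re.match(r"ip address inside (\S+) (\S+)", line):
            facts["inside"] = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
        elif m := re.match(r"ip local pool (\S+) (\S+)-(\S+)", line):
            pools[m[1]] = (ipaddress.ip_address(m[2]), ipaddress.ip_address(m[3]))
        elif m := re.match(r"access-list (\S+) permit ip (\S+) (\S+) (\S+) (\S+)", line):
            src = ipaddress.ip_network(f"{m[2]}/{m[3]}", strict=False)
            dst = ipaddress.ip_network(f"{m[4]}/{m[5]}", strict=False)
            acls.setdefault(m[1], []).append((src, dst))
        elif m := re.match(r"nat \(inside\) 0 access-list (\S+)", line):
            facts["nat0_acl"] = m[1]          # NAT exemption for VPN traffic
        elif m := re.match(r"vpngroup \S+ address-pool (\S+)", line):
            facts["pool"] = m[1]              # pool handed to remote clients
        elif m := re.match(r"vpngroup \S+ split-tunnel (\S+)", line):
            facts["split_acl"] = m[1]         # networks the client tunnels
    return acls, pools, facts

def acl_covers(entries, src_net, pool_range):
    """True if a single ACE permits all of src_net to the whole pool range."""
    lo, hi = pool_range
    return any(src_net.subnet_of(src) and lo in dst and hi in dst for src, dst in entries)

def check(config):
    """Return findings; an empty list means both ACL uses cover inside -> pool."""
    acls, pools, facts = parse(config)
    inside, pool = facts["inside"], pools[facts["pool"]]
    findings = []
    for role in ("nat0_acl", "split_acl"):
        name = facts.get(role)
        if name is None or not acl_covers(acls.get(name, []), inside, pool):
            findings.append(f"{role}: access-list {name} does not cover {inside} -> {pool[0]}-{pool[1]}")
    return findings
```

Running `check(PIX_CONFIG)` flags both the `nat 0` and split-tunnel references, since ACE 101 names 10.1.1.0/24 -> 10.1.2.0/24 rather than 10.10.10.0/24 -> the 10.10.12.x pool.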

matarvai81 Tue, 12/05/2006 - 05:15

I changed that, but it didn't help. After I powered off the PIX and powered it on again, I did get the VPN connection to work. However, somehow I cannot use PDM or SSH to connect to the PIX, but that really isn't a problem. Thanks!
