
configuring PDM on 515E 6.3(4)

silverfoxx
Level 1

I have just configured PDM on my 515E ver 6.3(4), but when PDM is starting up it displays the message "unsupported command found", and the message is

"PDM does not support multiple uses of a given Access Control List"

Can anyone help me here?

5 Replies

mpalardy
Level 3

Any duplicated entries for a specific access-list in the PIX configuration? Check this in nat, aaa, access-group, vpn, etc.

Hey,

I have the following, as you mentioned:

-----------------------------------------
nat (inside) 0 access-list vpnis
nat (inside) 1 172.16.0.0 255.255.0.0 0 0
-----------------------------------------
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
aaa-server radius protocol radius
aaa-server radius max-failed-attempts 3
aaa-server radius deadtime 10
----------------------------------------
access-group acl_out in interface outside
access-group acl_inside in interface inside
----------------------------------------
vpngroup vpndes idle-time 1800
vpngroup vpnis address-pool bigpool
vpngroup vpnis dns-server 172.16.1.20
vpngroup vpnis wins-server 172.16.1.10
vpngroup vpnis default-domain domain.com
vpngroup vpnis idle-time 1800
vpngroup vpnis password (password)
vpdn group 1 accept dialin pptp
vpdn group 1 ppp authentication pap
vpdn group 1 ppp authentication chap
vpdn group 1 ppp authentication mschap
vpdn group 1 ppp encryption mppe auto
vpdn group 1 client configuration address local bigpool
vpdn group 1 pptp echo 60
vpdn group 1 client authentication local
vpdn username vpnis password (password)
vpdn enable outside
-------------------------------------------

Everything looks okay and everything is running.

Hi

The error message is commonly displayed when you are using one access-list for two purposes:

Like vpnis, used for

- nonat (nat 0)

AND

- to specify the traffic which should be encrypted.

Split this up into two different access-lists, one named e.g. "nonat" and the other e.g. "ipsec", with the same IP address space.

The "nonat" ACL should then be used in the nat (0) statement,

The "ipsec" ACL should then be used to specify the encrypted traffic.

This will solve your problem.

Greetings

Jarle

Thanks, but just curious: if everything is running okay and I don't see any problems on the PIX, meaning everything works as it's supposed to, then why does PDM have a problem understanding this configuration?

Does it mean that there is a problem that I am not yet aware of, or will it create a problem which I cannot forecast?

Hi

There is no error in the configuration. PDM just doesn't support it, and needs different access-lists for the different "tasks".

You can keep it as it is, but I believe this limits the PDM functionality. There is no firewall config error; in fact, before PDM was introduced you saved configuration lines by using the same ACL for different tasks.

Use two different access-list names and your PDM problem is solved.

Greetings

Jarle
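As an added check that is not part of the thread, the Python script below scans a PIX 6.x-style configuration for ACL names referenced in more than one role (nat 0, access-group, crypto map match address, vpngroup split-tunnel), which is the double use PDM reports, and emits per-role copies of the ACL under new names the way Jarle suggests. The config excerpt, the role list and the new names ("nonat", "ipsec") are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed PIX 6.x-style config excerpt (not the poster's config): the vpnis
# ACL is referenced both by "nat 0" (no-NAT) and by a crypto map "match address".
SAMPLE_CONFIG = """\
access-list vpnis permit ip 172.16.0.0 255.255.0.0 10.1.1.0 255.255.255.0
access-list acl_out permit tcp any host 172.16.1.5 eq www
nat (inside) 0 access-list vpnis
nat (inside) 1 172.16.0.0 255.255.0.0 0 0
access-group acl_out in interface outside
crypto map mymap 10 match address vpnis
"""

# One pattern per role in which an ACL name can be referenced (assumed list).
ACL_ROLES = {
    "nat0": re.compile(r"^nat \(\S+\) 0 access-list (\S+)"),
    "access-group": re.compile(r"^access-group (\S+) in interface"),
    "crypto-match": re.compile(r"^crypto map \S+ \d+ match address (\S+)"),
    "split-tunnel": re.compile(r"^vpngroup \S+ split-tunnel (\S+)"),
}

def acl_roles(config: str) -> dict:
    """Map each referenced ACL name to the set of roles it is used in."""
    roles = defaultdict(set)
    for line in config.splitlines():
        for role, pattern in ACL_ROLES.items():
            m = pattern.match(line.strip())
            if m:
                roles[m.group(1)].add(role)
    return dict(roles)

def multi_use_acls(config: str) -> list:
    """ACL names used in more than one role, i.e. what PDM rejects."""
    return sorted(n for n, r in acl_roles(config).items() if len(r) > 1)

def split_acl(config: str, name: str, new_names: dict) -> list:
    """Copy the ACL's entries once per role under a new name, e.g.
    {"nat0": "nonat", "crypto-match": "ipsec"}, so each role has its own ACL."""
    entries = [l for l in config.splitlines() if l.startswith(f"access-list {name} ")]
    out = []
    for role in sorted(new_names):
        for e in entries:
            out.append(e.replace(f"access-list {name} ", f"access-list {new_names[role]} ", 1))
    return out

if __name__ == "__main__":
    for acl in multi_use_acls(SAMPLE_CONFIG):
        print(f"{acl}: used as {sorted(acl_roles(SAMPLE_CONFIG)[acl])}")
        for line in split_acl(SAMPLE_CONFIG, acl, {"nat0": "nonat", "crypto-match": "ipsec"}):
            print("  " + line)
```

The original access-list and the nat/crypto references still have to be re-pointed by hand; the script only shows which ACL needs splitting and what the copies look like.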