Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Establish VPN through an 801

I have configured a PIX 501 to establish a vpn through a a 801 to another PIX 501. My problem is that the tunnel seems to come up OK but I am unable to sent any data through the tunnel.. Configs are below the Router is running 12.3 and the PIX is running 6.2(2). The router is connected to my ISP and obtains a ip address automatically, so I have to us PAT. IOS 12.3 is supposed to be able to provide PAT support for IPSec, so I assume that this is not the problem. All assistance greatly appreciated.

Router (801)

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname ###########

!

ip subnet-zero

!

isdn switch-type basic-net3

!

!

!

interface Ethernet0

ip address 192.168.6.1 255.255.255.0

ip nat inside

!

interface BRI0

no ip address

encapsulation ppp

dialer pool-member 1

isdn switch-type basic-net3

ppp authentication chap callin

!

interface Dialer0

ip address negotiated

ip nat outside

encapsulation ppp

dialer pool 1

dialer remote-name dialconnect

dialer idle-timeout 600

dialer string #############

dialer-group 1

ppp authentication chap callin

ppp chap hostname ###################

ppp chap password ###################

!

ip nat inside source list 101 interface Dialer0 overload

ip classless

ip route 0.0.0.0 0.0.0.0 Dialer0

ip http server

!

!

access-list 101 permit ip 192.168.6.0 0.0.0.255 any

access-list 101 permit gre any any

dialer-list 1 protocol ip list 101

!

line con 0

password

login

stopbits 1

line vty 0 4

password

login

!

no rcapi server

PIX (501)

PIX Version 6.2(2)

nameif ethernet0 outside security0

nameif ethernet1 inside security100

enable password ################

passwd #############

hostname ###########

fixup protocol ftp 21

fixup protocol http 80

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol ils 389

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol sip 5060

fixup protocol skinny 2000

names

name ########### centralpix

name 192.168.6.1 router

access-list 110 permit ip 10.0.6.0 255.255.255.0 10.0.0.0 255.255.255.0

pager lines 24

interface ethernet0 10baset

interface ethernet1 10full

mtu outside 1500

mtu inside 1500

ip address outside 192.168.6.2 255.255.255.0

ip address inside 10.0.6.1 255.255.255.0

ip audit info action alarm

ip audit attack action alarm

pdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 0 access-list 110

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

route outside 0.0.0.0 0.0.0.0 router 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

aaa-server LOCAL protocol local

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

sysopt connection permit-ipsec

no sysopt route dnat

crypto ipsec transform-set strong esp-des esp-md5-hmac

crypto map newmap 20 ipsec-isakmp

crypto map newmap 20 match address 110

crypto map newmap 20 set peer centralpix

crypto map newmap 20 set transform-set strong

crypto map newmap interface outside

isakmp enable outside

isakmp key ******** address centralpix netmask 255.255.255.255

isakmp policy 20 authentication pre-share

isakmp policy 20 encryption des

isakmp policy 20 hash md5

isakmp policy 20 group 1

isakmp policy 20 lifetime 1000

telnet 10.0.6.0 255.255.255.0 inside

telnet timeout 10

dhcpd address 10.0.6.50-10.0.6.81 inside

dhcpd lease 604800

dhcpd ping_timeout 750

dhcpd enable inside

terminal width 80

  • Other Security Subjects
1 REPLY
New Member

Re: Establish VPN through an 801

I slight err on my behalf the problem is now fixed.

77
Views
0
Helpful
1
Replies
This widget could not be displayed.