Cisco Support Community
New Member

help with pix 5.1....remote access vpn

Trying to set up remote access VPN on a PIX 5.1... it's not passing phase I from the log... I can't find any sample configs because of the old IOS... can anybody assist?

here are my configs

access-list 101 permit ip 10.100.55.0 255.255.255.0 host 192.168.1.5

ip local pool ippool 192.168.1.5

nat (inside) 0 access-list 101

sysopt connection permit-ipsec

crypto ipsec transform-set myset esp-des esp-md5-hmac

crypto dynamic-map dynmap 10 set transform-set myset

crypto map mymap 10 ipsec-isakmp dynamic dynmap

crypto map mymap interface outside

isakmp enable outside

isakmp identity address

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption des

isakmp policy 10 hash md5

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

vpdn group vpn3000 client configuration address local ippool

vpdn group vpn3000 client authentication local

vpdn username test password test

vpdn enable outside

part of the debug from the VPN client

19 21:20:25.921 07/11/08 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK AG (Retransmission) to 70.10.10.10

20 21:20:30.921 07/11/08 Sev=Info/4 IKE/0x63000017

Marking IKE SA for deletion (I_Cookie=3231146C45A1D30D R_Cookie=2E0C2AA3E260CF4F) reason = DEL_REASON_PEER_NOT_RESPONDING

21 21:20:31.421 07/11/08 Sev=Info/4 IKE/0x6300004B

Discarding IKE SA negotiation (I_Cookie=3231146C45A1D30D R_Cookie=2E0C2AA3E260CF4F) reason = DEL_REASON_PEER_NOT_RESPONDING

22 21:20:31.421 07/11/08 Sev=Info/4 CM/0x63100014

Unable to establish Phase 1 SA with server "70.10.10.10" because of "DEL_REASON_PEER_NOT_RESPONDING"

23 21:20:31.421 07/11/08 Sev=Info/5 CM/0x63100025

Initializing CVPNDrv

24 21:20:31.452 07/11/08 Sev=Info/4 IKE/0x63000001

IKE received signal to terminate VPN connection
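A small parser for the VPN client log format shown in the post above, added here as an example (it is not code from the thread or from Cisco). It pairs each header line with its message and groups Phase 1 failures by IKE cookie pair; the function names and the `responder_cookie_set` field are this example's own, and the sample is three entries copied from the post.

```python
import re

# Entry header as in the post: <seq> <time> <date> Sev=<sev>/<level> <component>/<id>
HEADER = re.compile(r"^(\d+)\s+(\d\d:\d\d:\d\d\.\d+)\s+(\d\d/\d\d/\d\d)\s+"
                    r"Sev=(\w+)/(\d+)\s+(\w+)/(0x[0-9A-Fa-f]+)$")
SA = re.compile(r"I_Cookie=([0-9A-Fa-f]+)\s+R_Cookie=([0-9A-Fa-f]+)\)\s*reason\s*=\s*(\w+)")
PEER = re.compile(r'Phase 1 SA with server "([^"]+)" because of "(\w+)"')

def parse_entries(text):
    """Pair each header line with the message line(s) that follow it."""
    entries = []
    for line in filter(None, (raw.strip() for raw in text.splitlines())):
        m = HEADER.match(line)
        if m:
            keys = ("seq", "time", "date", "sev", "level", "component", "id")
            entries.append(dict(zip(keys, m.groups()), msg=""))
        elif entries:
            entries[-1]["msg"] = (entries[-1]["msg"] + " " + line).strip()
    return entries

def phase1_failures(entries):
    """Return (failed SAs keyed by cookie pair, failure reason per peer)."""
    sas, peers = {}, {}
    for e in entries:
        m = SA.search(e["msg"])
        if m:
            i_cookie, r_cookie, reason = m.groups()
            sa = sas.setdefault((i_cookie, r_cookie),
                                {"reasons": set(), "responder_cookie_set": False})
            sa["reasons"].add(reason)
            # IKEv1: the responder picks R_Cookie, so all zeros means no reply seen.
            sa["responder_cookie_set"] = int(r_cookie, 16) != 0
        m = PEER.search(e["msg"])
        if m:
            peers[m.group(1)] = m.group(2)
    return sas, peers

# Sample input: three entries copied unchanged from the post above.
SAMPLE = """\
19 21:20:25.921 07/11/08 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 70.10.10.10
20 21:20:30.921 07/11/08 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=3231146C45A1D30D R_Cookie=2E0C2AA3E260CF4F) reason = DEL_REASON_PEER_NOT_RESPONDING
22 21:20:31.421 07/11/08 Sev=Info/4 CM/0x63100014
Unable to establish Phase 1 SA with server "70.10.10.10" because of "DEL_REASON_PEER_NOT_RESPONDING"
"""

if __name__ == "__main__":
    print(phase1_failures(parse_entries(SAMPLE)))
```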

7 REPLIES

Re: help with pix 5.1....remote access vpn

try to upgrade to 6.3 or higher...

New Member

Re: help with pix 5.1....remote access vpn

I would like to, but my box doesn't meet the specs...

pixfirewall# sh ver

Cisco Secure PIX Firewall Version 5.1(4)

Compiled on Mon 02-Oct-00 07:19 by morlee

Finesse Bios V3.3

pixfirewall up 14 hours 41 mins

Hardware: SE440BX2, 128 MB RAM, CPU Pentium II 349 MHz

Flash AT29C040A @ 0x300, 2MB

BIOS Flash AM28F256 @ 0xfffd8000, 32KB

Re: help with pix 5.1....remote access vpn

try these commands, but not sure

isakmp client configuration address-pool local ippool outside

AHA BE CAREFUL not VPDN group

MAKE it "VPNGROUP"

it should be like

vpngroup vpn3000 address-pool ippool

vpngroup vpn3000 idle-time 1800

vpngroup vpn3000 password (your group password)

also add the following

crypto map mymap client authentication LOCAL

and remove all the vpdn commands

good luck

Rate if helpful

New Member

Re: help with pix 5.1....remote access vpn

yeah, I would like to try the vpngroup... but v5.1 doesn't have that command, just vpdn syntax

New Member

Re: help with pix 5.1....remote access vpn

thanks, I'll take a look...

I always rate... if it helps

thanks again

New Member

Re: help with pix 5.1....remote access vpn

man, that second link was perfect... but I don't think I'm going to have any luck... VPN client v1.1, which they use, is very different from 4.0... there are no options in 4.0 to set the security policy... I guess I am out of luck... I'll just have to upgrade the PIX, if I can...

thanks for everybody's help
