Pix 501 Vpn Client

dcristoni
Level 1

I am trying to connect with the Cisco VPN Client or the Microsoft VPN client to a Cisco PIX 501, but without success.

The connection is established, but the data does not pass through the VPN tunnel.

I cannot reach the host on the inside interface.

This is my configuration:

Pix# sh conf
: Saved
: Written by enable_15 at 09:37:19.986 UTC Fri Dec 6 2002
PIX Version 6.2(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
hostname Test
domain-name test.com
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
access-list acl_in permit icmp any any
access-list acl_in permit tcp any any
access-list acl_in permit udp any any
access-list acl_in permit gre any any
access-list acl_out permit icmp any any
access-list acl_out permit tcp any host x.x.x.x eq smtp
pager lines 24
interface ethernet0 10baset
interface ethernet1 10full
mtu outside 1500
mtu inside 1500
ip address outside x.x.x.x 255.255.255.248
ip address inside 192.9.200.106 255.255.255.0
ip verify reverse-path interface outside
ip verify reverse-path interface inside
ip audit info action alarm
ip audit attack action alarm
ip local pool ip-pool 192.9.200.200-192.9.200.210
pdm location 192.9.200.104 255.255.255.255 inside
pdm location 192.9.200.127 255.255.255.255 inside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 x.x.x.x
nat (inside) 1 192.9.200.0 255.255.255.0 0 0
static (inside,outside) x.x.x.x 192.9.200.104 netmask 255.255.255.255 0 0
access-group acl_out in interface outside
access-group acl_in in interface inside
route outside 0.0.0.0 0.0.0.0 x.x.x.x 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 192.9.200.104 255.255.255.255 inside
http 192.9.200.127 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
sysopt connection permit-pptp
no sysopt route dnat
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto dynamic-map dynamap 10 set transform-set myset
crypto map mymap 10 ipsec-isakmp dynamic dynamap
crypto map mymap interface outside
isakmp enable outside
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup vpn address-pool ip-pool
vpngroup vpn dns-server 192.9.200.104
vpngroup vpn default-domain test.com
vpngroup vpn idle-time 1800
vpngroup vpn password ********
telnet 192.9.200.127 255.255.255.255 inside
telnet 192.9.200.104 255.255.255.255 inside
telnet timeout 5
ssh timeout 5
vpdn group 1 accept dialin pptp
vpdn group 1 ppp authentication pap
vpdn group 1 ppp authentication chap
vpdn group 1 ppp authentication mschap
vpdn group 1 client configuration address local ip-pool
vpdn group 1 client configuration dns 192.9.200.104
vpdn group 1 pptp echo 60
vpdn group 1 client authentication local
vpdn username vpn password ********
vpdn enable outside
terminal width 80

The network 192.9.200.0 255.255.255.0 is a private network.

Thanks

3 Replies

tvanginneken
Level 4

Hi,

Is there a router on your outside interface? If so, does it forward incoming IPsec packets (ESP) to the outside interface of the PIX?

Kind Regards,

Tom

Hi,

Yes, there is a router from Telecom Communications; I don't know the router configuration.

Best Regards.

Hi,

You have to configure a nat (inside) 0 command to bypass NAT for the IPsec and PPTP connections. You can follow the URL below for the same:

http://www.cisco.com/warp/public/110/pix3000.html

And regarding your local pool, it is always good practice to assign a different address range for the remote users.

Regards,

Arul
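Putting both of Arul's points together, here is the change to the posted PIX 6.2 configuration as an added example; it is not from the thread, and the pool range 192.9.201.0/24 and the ACL name nonat are assumptions chosen to not overlap the inside LAN 192.9.200.0/24. In the posted config every packet from inside to a VPN client is translated by "nat (inside) 1", so the reply never enters the tunnel; the exemption below fixes that.

```text
: Added example, not part of the original post. Comment lines use ":" as in the
: PIX "show config" output. Apply from configure mode on the PIX 501.

: 1. Move the remote-user pool onto its own subnet (assumed 192.9.201.0/24) so
:    pool addresses no longer collide with real hosts on 192.9.200.0/24 and the
:    PIX does not have to proxy-ARP for them on the inside interface.
no ip local pool ip-pool 192.9.200.200-192.9.200.210
ip local pool ip-pool 192.9.201.1-192.9.201.50

: 2. Define what must NOT be translated: inside LAN -> VPN client pool.
:    PIX ACLs take real subnet masks, not IOS-style wildcard masks.
access-list nonat permit ip 192.9.200.0 255.255.255.0 192.9.201.0 255.255.255.0

: 3. Exempt that traffic from NAT so the return packets match the crypto map
:    (IPsec) or the PPTP session instead of being PATed out of global 1.
nat (inside) 0 access-list nonat

: Both the Cisco VPN Client (vpngroup) and the PPTP clients (vpdn group 1)
: keep using ip-pool, so one pool change covers both; vpngroup vpn
: address-pool ip-pool and vpdn group 1 client configuration address local
: ip-pool stay as they are.

: Checks after reconnecting a client:
:   show crypto ipsec sa      -> #pkts encaps/decaps both increasing
:   show xlate                -> no xlate entries for 192.9.201.x addresses
: If inside hosts use a gateway other than 192.9.200.106, that gateway needs a
: route for 192.9.201.0/24 pointing at the PIX inside address.
```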