Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PIX 506 E (6.2.2) and VPN client 3.5.4 (Win 98ME) problems

Hi All,

I have a problem with the configuration of the VPN, The same configuration on a PIX 515 has no problems.

I have turned on the deb crypto isakmp, but no packet are received from the pix.

Consider that I am using the pix to browsing internet and the pix is reacheble from internet using the SSH

The pix configuration:

access-list 130 permit ip

ip local pool vpndevice

sysopt connection permit-ipsec

no sysopt route dnat

crypto ipsec transform-set device esp-des esp-md5-hmac

crypto dynamic-map outside_dyn_map 20 set transform-set device

crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map

crypto map outside_map interface outside

isakmp enable outside

isakmp client configuration address-pool local vpndevice outside

isakmp policy 1 authentication pre-share

isakmp policy 1 encryption des

isakmp policy 1 hash md5

isakmp policy 1 group 2

isakmp policy 1 lifetime 86400

vpngroup test address-pool vpndevice

vpngroup test dns-server XX.XX.XX.XX

vpngroup test default-domain XXXXXXXX

vpngroup test idle-time 1800

vpngroup test password XXXXXXXX

Thanks a lot


Re: PIX 506 E (6.2.2) and VPN client 3.5.4 (Win 98ME) problems


please post your complete pix config, your above crypto config looks good.

check the following:

1 - make sure that you have - nat (inside) 0 access-list 130

2 - make sure that all your PCs sitting behind the pix point to it as default gw

or know how to reach to network.

3- if u have any acl on the inside interface, make sure permit your traffic.



New Member

Re: PIX 506 E (6.2.2) and VPN client 3.5.4 (Win 98ME) problems

Hi Afaq,

on client side it seems that the peer does not responding,

on server side enabling the crypto isakamp no packet are received-

I have enabled the ipsec on outside interface..

Would you tell me if ther are some command that I can digit to enable the debug message on ssh remote terminal?

Ok for the nat access list,

no problems for the pc behind the firewaa, because no key are exchange, so I suppose the problems cames first.

Non acl on inside interface....

Let me know as soon as possible

Bye GV

CreatePlease to create content