Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

PIX 520 VPN problem w/IPSEC

I am working on a PIX 520 (v 5.2(2)) and when I try to connect via IPSEC, I get the following error:

The remote peer does not support the required VPN client protocol. Contact your system administrator.

Also, when I try to connect using PPTP, I get connected, however, I can't ping anywhere on the internal network.

HELP!!!

3 REPLIES
Cisco Employee

Re: PIX 520 VPN problem w/IPSEC

Hi,

I guess the PIX is not configured to take IPSec client connections thats why you get that error message. Additionally you want to make sure that the PPTP is let through the PIX and that TCP port 1723 and GRE are allowed to the PIX for PPTP to work aswell. Also make sure you are not coming in from behind a PAT device while connecting to the PIX, it doesn't support that at this time.

Hope this helps,

Regards,

Aamir

-=-

New Member

Re: PIX 520 VPN problem w/IPSEC

Hi,

I just posted the same problem in the current "Ask the Experts" post, so if this is redundant, ignore the other.

I am able to connect with the same config on 506 box. I have checked the configuration about 10 times to make sure I am not forgetting something. This is the pertinent excerpts:

access-list 101 permit ip 172.16.1.0 255.255.255.0 10.10.10.0 255.255.255.0

ip local pool vpn-ip-pool 10.10.10.1-10.10.10.254

nat (inside) 0 access-list 101

sysopt connection permit-ipsec

sysopt connection permit-pptp

no sysopt route dnat

crypto ipsec transform-set myset esp-des esp-md5-hmac

crypto dynamic-map dynmap 10 set transform-set myset

crypto map mymap 10 ipsec-isakmp dynamic dynmap

crypto map mymap interface outside

isakmp enable outside

isakmp identity address

isakmp policy 20 authentication pre-share

isakmp policy 20 encryption des

isakmp policy 20 hash md5

isakmp policy 20 group 2

isakmp policy 20 lifetime 86400

vpngroup peii address-pool vpn-ip-pool

vpngroup peii dns-server 172.16.1.235

vpngroup peii default-domain peii.com

vpngroup peii idle-time 1800

vpngroup peii password xxxx

vpdn group 1 accept dialin pptp

vpdn group 1 ppp authentication pap

vpdn group 1 ppp authentication chap

vpdn group 1 ppp authentication mschap

vpdn group 1 ppp encryption mppe 40

vpdn group 1 client configuration address local vpn-ip-pool

vpdn group 1 client configuration dns 172.16.1.235 172.16.1.245

vpdn group 1 client authentication local

vpdn username XXX password XXXX

vpdn enable outside

New Member

Re: PIX 520 VPN problem w/IPSEC

Sorry, one other thing...

Do I have to have 1723 and GRE open even when the PIX handles the PPTP authentication? See previous msg for config...

Thanks a bunch...

-st

91
Views
0
Helpful
3
Replies