Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

Pix6.2 and VPN Client 3.5 and PDM

I'm testing the VPN client to connect the internal network protected by pix(6.2)

I congiure the Pix with pdm. after config.. I can connect to the pix with vpnclient and client PC can get the ip-pool.

But I could't access to the internal network..access-list

From the "debug icmp tr" command I can find there was a proper packet transfer ... But...


inside_outbound_nat0_acl permit ip

access-list outside_cryptomap_dyn_20 permit ip

access-list outside_cryptomap_dyn_20 permit ip host x.x.x.x

access-list pin permit icmp any any

access-list test_splitTunnelAcl permit ip any

pager lines 24

interface ethernet0 auto

interface ethernet1 auto

mtu outside 1500

mtu inside 1500

ip address outside x.x.x.x

ip address inside

ip audit info action alarm

ip audit attack action alarm

ip local pool testpool

no failover

failover timeout 0:00:00

failover poll 15

failover ip address outside

failover ip address inside

pdm location inside

pdm location inside

pdm history enable

arp timeout 14400

global (outside) 10 x.x.x.190-x.x.x.199

nat (inside) 0 access-list inside_outbound_nat0_acl

nat (inside) 10 0 0

access-group pin in interface outside

route outside x.x.x.129 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

aaa-server LOCAL protocol local

http server enable

http inside

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

sysopt connection permit-ipsec

sysopt noproxyarp outside

no sysopt route dnat

crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac

crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20

crypto dynamic-map outside_dyn_map 20 set transform-set ESP-DES-SHA

crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map

crypto map outside_map interface outside

isakmp enable outside

isakmp identity address

isakmp policy 20 authentication pre-share

isakmp policy 20 encryption des

isakmp policy 20 hash sha

isakmp policy 20 group 2

isakmp policy 20 lifetime 86400

vpngroup test address-pool testpool

vpngroup test split-tunnel test_splitTunnelAcl

vpngroup test idle-time 1800

vpngroup test password ********

Community Member

Re: Pix6.2 and VPN Client 3.5 and PDM

the pool handed to the client cannot be the same network as the internal network reference the following url:

Community Member

Re: Pix6.2 and VPN Client 3.5 and PDM

sorry it isn't I should have looked closer.

the url sent has a sample config.

is there other devices on the internal network also(routers)?

Community Member

Re: Pix6.2 and VPN Client 3.5 and PDM

No.. See the below...

Clinet ---------- Pix -------------Local PC

Community Member

Re: Pix6.2 and VPN Client 3.5 and PDM

Looking at your configuration there seem to be a typo error - your first acl needs to be preceded with the word 'access-list'

CreatePlease to create content