Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
yeo
New Member

problem with new vpn clients on pix 515

I have several users on an old vpn client. 3.5.1. I know this is old but I have been unable to get the newer versions to connect to my PIX515. I am trying to use 3.5.4 and I am able to get the clients to connect but they can not talk to any thing on our network. For example:

I have 2 machines outside the network on the internet. Neither machine can ping any machine on the inside of our network. If I start up the 3.5.1 client I can ping and use outlook to get to our exchange server. If I start up the 3.5.4 client I can ping machines on the inside but can not use any applicaitons. ???

My configuation looks like this:

access-list 110 permit ip 65.167.124.128 255.255.255.128 192.168.110.0 255.255.255.0

access-list 100 permit ip 65.167.124.128 255.255.255.128 192.168.110.0 255.255.255.0

nat (inside) 0 access-list 100

crypto ipsec transform-set myset esp-des esp-md5-hmac

crypto dynamic-map dynmap 10 set transform-set myset

crypto map mymap 10 ipsec-isakmp dynamic dynmap

crypto map mymap interface outside

isakmp enable outside

isakmp identity address

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption des

isakmp policy 10 hash md5

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

vpngroup vpn3000 address-pool vpnpool

vpngroup vpn3000 dns-server adc002

vpngroup vpn3000 split-tunnel 110

vpngroup vpn3000 idle-time 1800

vpngroup vpn3000 password ********

Any idea why this setup will work for older clients but not the newer ones.

Thanks,

Kevin

3 REPLIES
New Member

Re: problem with new vpn clients on pix 515

If you have double checked the configs on the vpn clients and they are the same, I would suggest capturing a sniffer trace on the line to see what is happening to the packets. You may want to contact the TAC if you need help reading the sniffer file.

New Member

Re: problem with new vpn clients on pix 515

I don't see a WINS or default domain entry here - is this something that you specifically wished to exclude? Could be a basic lookup issue.

vpngroup vpn3000 wins-server xx.xx.xx.xx

vpngroup vpn3000 default-domain ****.com

-src

yeo
New Member

Re: problem with new vpn clients on pix 515

This looks to be the culprit. I don't understand exactly how this would work for the older clients but not the new ones. As soon as I added the commadn it worked like a charm. Thanks

Kevin

80
Views
0
Helpful
3
Replies
CreatePlease to create content