Problems with VPN settings using Pix firewall and VPN clients with preshare

I am trying to configure a virtual private network using a PIX firewall with version 6.1(2) and VPN client version 1.1.

The actual PIX configuration was done using access-list acl_in and access-list acl_out commands and their respective access-group acl_in and access-group acl_out applied to the interfaces where the rule is effective.

Everything works OK with this, but now I need to implement the VPN configuration to receive remote dial-up VPN clients. I am using exactly the configuration that appears in the Configuring PIX-to-VPN Client Wild-card, Pre-shared, No Mode-Config example and it does not work. I am not able to pass traffic across the tunnel, but it seems as if it's open. While performing debugs it seems that there are no errors with phase 1 and 2 authentication. Also, it appears that I get the IP of my access-list pool address. Could it be a problem with the other access-lists (acl_in and acl_out) that I am using for the other purposes?

What could be the solution? I have implemented the same using the same VPN client 1.1 but with PIX firewall version 5.1 and with conduits instead of access-lists, and it worked immediately.

Any suggestion?

Thanks

1 REPLY

Re: Problems with VPN settings using Pix firewall and VPN client

Oftentimes complex troubleshooting issues are best addressed in an interactive session with one of our trained technical assistance engineers. While other forum users may be able to help, it’s often difficult to do so for this type of issue.

To utilize the resources at our Technical Assistance Center, please visit http://www.cisco.com/tac and to open a case with one of our TAC engineers, visit http://www.cisco.com/tac/caseopen

If anyone else in the forum has some advice, please reply to this thread.

Thank you for posting.
