Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Remote access VPN pix version 8.0(3)

Hi All

First I would like to thank to all forum members that help me in several posts about pix 515 configuration.

I am trying to configure now a Remote access VPN with radius authentication to my corporate network, but I can't connect.

I am using cisco vpn client 5.0.03.0560., I also tested my radius server authentication from pix (inside) and is working fine.

I already tried to retype the key from cli,but i still can't get the remote access vpn to work.

I also tried to create another remote vpn with another name and local authentication but i get the same problem.

I am using pix version 8.0(3).

Can anyone help-me

I attach the log file from cisco vpn cliente to help troubleshoot the problem, as well a configuration file from pix.

Thank you so much in advance and I will be looking forward for the information.

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Remote access VPN pix version 8.0(3)

10 REPLIES

Re: Remote access VPN pix version 8.0(3)

show debug on the PIX

deb crypto isakmp 10

deb crypto ipsec 10

New Member

Re: Remote access VPN pix version 8.0(3)

pix show debug command result in the attachment file

thanks

Re: Remote access VPN pix version 8.0(3)

try to add

crypto isakmp policy 5

authentication pre-share

encryption 3des

hash md5

group 2

lifetime 86400

crypto isakmp nat-traversal

clear crypto isakmp sa

clear crypto ipsec sa

and try again

and show the output

deb crypto isakmp 255

New Member

Re: Remote access VPN pix version 8.0(3)

here it goes

the information requested

Re: Remote access VPN pix version 8.0(3)

did you get username and password prompt on the client?

could you test the authentication

test aaa-server authentication my_authent_grp username XXX password XXX

New Member

Re: Remote access VPN pix version 8.0(3)

i tested aaa-server authetication from inside, and it works.

but when i use cisco vpn cliente to access to my corporate network the cliente dosen't ask the username and password for the aaa-server.

Re: Remote access VPN pix version 8.0(3)

try to remove

no crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs

clear crypto isakmp sa

New Member

Re: Remote access VPN pix version 8.0(3)

Its working, as soon as i put the PIX Firewall Activation Key for 3des (my mistake), and change the connection to 3des as you posted (a.alekseev) the vpn start working .

The only problem i have is the following to be able to connect to my corporate network i have to use any ip address scope, if i trie to use my internel dhcp server e can't get an ip address to the vpn cliente.

Re: Remote access VPN pix version 8.0(3)

New Member

Re: Remote access VPN pix version 8.0(3)

Thank You for your help now pix is working fine.

196
Views
0
Helpful
10
Replies