I have had this strange VPN problem for a while and cant figure out whats wrong with the config. What we are trying to do is to get 2 pix to contivity connections working and also IPSEC vpn connection with radius authentication. All of these work separately just fine, but when i try to add them all to the config only one of them work and others dont connect or even try to.
here is the config, IP's changed and left out some static and access list entries but as said all of them do work separately just fine.
Tried this and it still work the same way, this thing is driving me insane, the configurastion works if there is any single one of them in the configuration OR if i first set up the pix to contivity connection and try it so it will establish it, then create the client vpn side. Well it works for a while but then it just stops work after x minutes.
I did try to create the same VPN using the PDM and the results were same as the configuration above (the lines it made were nearly identical exept of some access-list namings it made.
The pix is running version 6.2(2) and PDM is version 2.1(1).
could it be perhaps the version of pix that make it work like this ?
I agree with the first recommendation even it's not currently the problem. That is you should use separate ACLs for NAT 0 and split-tunnel. Anyway....
Have you tried using the [no-xauth] and [no-config-mode ] options for your peer-to-peer connections when defining their keys? Maybe the Pix is trying to do user authentication and IP negotiation with your peers when you throw in the dynamic configuration for clients.
Other than that, I don't see any problems. The Pix can support multiple types of connections on a single interface using sequence numbers.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :