Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

The Internal Clients couldn't connect to VPN Clients

Hello, my internal clients on my PIX 501 UL couldn't connect to VPN clients. No response when I ping. I tried with Windows XP SP2 Clients and used Cisco Client VPN 4.6

: Saved

:

PIX Version 6.3(5)

interface ethernet0 auto

interface ethernet1 100full

nameif ethernet0 outside security0

nameif ethernet1 inside security100

enable password *********** encrypted

passwd *********** encrypted

hostname CiscoPIX

domain-name ***********.local

fixup protocol dns maximum-length 512

fixup protocol ftp 21

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol http 80

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol sip 5060

fixup protocol sip udp 5060

fixup protocol skinny 2000

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol tftp 69

names

access-list VPNClients_splitTunnelAcl permit ip any any

access-list inside_outbound_nat0_acl permit ip any 192.168.1.128 255.255.255.192

access-list outside_cryptomap_dyn_20 permit ip any 192.168.1.128 255.255.255.192

access-list inside_access_in permit ip any any

pager lines 24

icmp deny any outside

mtu outside 1500

mtu inside 1500

ip address outside 195.195.195.3 255.255.255.0

ip address inside 192.168.1.1 255.255.255.0

ip audit info action alarm

ip audit attack action alarm

ip local pool VPN 192.168.1.150-192.168.1.169

pdm location 192.168.1.128 255.255.255.255 inside

pdm location 192.168.1.128 255.255.255.192 inside

pdm logging informational 100

pdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 0 access-list inside_outbound_nat0_acl

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

access-group inside_access_in in interface inside

timeout xlate 0:05:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout sip-disconnect 0:02:00 sip-invite 0:03:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server TACACS+ max-failed-attempts 3

aaa-server TACACS+ deadtime 10

aaa-server RADIUS protocol radius

aaa-server RADIUS max-failed-attempts 3

aaa-server RADIUS deadtime 10

aaa-server LOCAL protocol local

http server enable

http 192.168.1.128 255.255.255.192 outside

http 192.168.1.0 255.255.255.0 inside

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

sysopt connection permit-ipsec

crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac

crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20

crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-MD5

crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map

crypto map outside_map client authentication LOCAL

crypto map outside_map interface outside

isakmp enable outside

isakmp nat-traversal 20

isakmp policy 20 authentication pre-share

isakmp policy 20 encryption 3des

isakmp policy 20 hash md5

isakmp policy 20 group 2

isakmp policy 20 lifetime 86400

vpngroup VPNClients address-pool VPN

vpngroup VPNClients split-tunnel VPNClients_splitTunnelAcl

vpngroup VPNClients idle-time 1800

vpngroup VPNClients password ********

telnet timeout 5

ssh timeout 5

console timeout 0

dhcpd address 192.168.1.15-192.168.1.150 inside

dhcpd lease 3600

dhcpd ping_timeout 750

dhcpd domain ***********.local

dhcpd auto_config outside

dhcpd enable inside

username Gilgameshan password *********** encrypted privilege 15

terminal width 80

Cryptochecksum:xxx

: end

1 REPLY
Silver

Re: The Internal Clients couldn't connect to VPN Clients

Check whether VPN clients are able to connect internal clients, If so check for the AAA authentication issue. Also you use sniffer trace.

126
Views
0
Helpful
1
Replies