
The sample from Cisco is not working

ddicky
Level 1

I'm trying to implement a PPTP client and the Cisco VPN IPsec client together. They just cannot co-exist. There is no communication through the network once they co-exist.

This is the sample from the Cisco website. Has anybody tried it before? I'm using the latest version, 6.3.

PIX Version 5.2(3)

nameif ethernet0 outside security0

nameif ethernet1 inside security100

enable password xxxxxx encrypted

passwd xxxxxx encrypted

hostname goss-515A

fixup protocol ftp 21

fixup protocol http 80

fixup protocol h323 1720

fixup protocol rsh 514

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol sip 5060

names

access-list 101 permit ip 10.99.99.0 255.255.255.0 192.168.1.0 255.255.255.0

pager lines 24

logging on

no logging timestamp

no logging standby

no logging console

no logging monitor

no logging buffered

no logging trap

no logging history

logging facility 20

logging queue 512

interface ethernet0 auto

interface ethernet1 auto

mtu outside 1500

mtu inside 1500

ip address outside 172.18.124.152 255.255.255.0

ip address inside 10.99.99.1 255.255.255.0

ip audit info action alarm

ip audit attack action alarm

ip local pool bigpool 192.168.1.1-192.168.1.254

no failover

failover timeout 0:00:00

failover poll 15

failover ip address outside 0.0.0.0

failover ip address inside 0.0.0.0

arp timeout 14400

nat (inside) 0 access-list 101

route outside 0.0.0.0 0.0.0.0 172.18.124.1 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

sysopt connection permit-ipsec

sysopt connection permit-pptp

no sysopt route dnat

crypto ipsec transform-set myset esp-des esp-md5-hmac

crypto dynamic-map dynmap 10 set transform-set myset

crypto map mymap 10 ipsec-isakmp dynamic dynmap

crypto map mymap client configuration address initiate

crypto map mymap client configuration address respond

crypto map mymap interface outside

isakmp enable outside

!--- CiscoSecure_VPNClient_key.

isakmp key ******** address 0.0.0.0 netmask 0.0.0.0

isakmp identity address

isakmp client configuration address-pool local bigpool outside

!--- ISAKMP Policy for Cisco VPN Client 2.5 or

!--- CiscoSecure VPN Client 1.1.

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption des

isakmp policy 10 hash md5

!--- The 1.1 and 2.5 clients use Diffie-Hellman (D-H)

!--- group 1 policy (PIX default).

isakmp policy 10 group 1

isakmp policy 10 lifetime 86400

!

!--- ISAKMP Policy for VPN Client 3.0.

isakmp policy 20 authentication pre-share

isakmp policy 20 encryption des

isakmp policy 20 hash md5

!--- The 3.0 clients use D-H group 2 policy

!--- and PIX 6.0 code.

isakmp policy 20 group 2

isakmp policy 20 lifetime 86400

vpngroup vpn3000-all address-pool bigpool

vpngroup vpn3000-all dns-server 10.99.99.99

vpngroup vpn3000-all wins-server 10.99.99.99

vpngroup vpn3000-all default-domain password

vpngroup vpn3000-all idle-time 1800

!--- VPN 3000 group_name and group_password.

vpngroup vpn3000-all password ********

telnet timeout 5

ssh timeout 5

vpdn group 1 accept dialin pptp

vpdn group 1 ppp authentication pap

vpdn group 1 ppp authentication chap

vpdn group 1 ppp authentication mschap

vpdn group 1 ppp encryption mppe auto

vpdn group 1 client configuration address local bigpool

vpdn group 1 client authentication local

!--- PPTP username and password.

vpdn username x password x

vpdn enable outside

terminal width 80
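
An added example, not part of the original post or of Cisco's sample: a short Python check that scans a PIX configuration like the one above for the settings in it that are weak by current standards (single DES, MD5, D-H groups 1 and 2, PAP, the `public` SNMP community, a wildcard pre-shared key). The rule list and the `audit` function are this example's own, and the sample lines are copied from the configuration above.

```python
import re

# Rules are this example's own: (regex on one config line, finding text).
RULES = [
    (r"^crypto ipsec transform-set \S+ .*\besp-des\b", "IPsec uses single DES"),
    (r"^crypto ipsec transform-set \S+ .*\besp-md5-hmac\b", "IPsec uses HMAC-MD5"),
    (r"^isakmp policy \d+ encryption des$", "IKE uses single DES"),
    (r"^isakmp policy \d+ hash md5$", "IKE uses MD5"),
    (r"^isakmp policy \d+ group [12]$", "IKE uses D-H group 1 or 2"),
    (r"^isakmp key \S+ address 0\.0\.0\.0 netmask 0\.0\.0\.0$",
     "wildcard pre-shared key: any peer"),
    (r"^vpdn group \S+ ppp authentication pap$",
     "PPTP accepts PAP (cleartext password)"),
    (r"^snmp-server community public$", "default SNMP community string"),
]

def audit(config_text):
    """Return (line_number, config_line, finding) for every rule hit."""
    findings = []
    for number, raw in enumerate(config_text.splitlines(), start=1):
        line = " ".join(raw.split())          # normalise spacing
        if not line or line.startswith("!"):  # skip blanks and "!---" comments
            continue
        for pattern, finding in RULES:
            if re.search(pattern, line):
                findings.append((number, line, finding))
    return findings

# Lines copied from the configuration in the post above.
SAMPLE = """\
snmp-server community public
crypto ipsec transform-set myset esp-des esp-md5-hmac
isakmp key ******** address 0.0.0.0 netmask 0.0.0.0
!--- ISAKMP Policy for VPN Client 3.0.
isakmp policy 20 encryption des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
vpdn group 1 ppp authentication pap
vpdn group 1 ppp authentication mschap
"""

if __name__ == "__main__":
    for number, line, finding in audit(SAMPLE):
        print(f"line {number}: {finding}: {line}")
```
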
