I have a PIX 501 that I am trying to configure for VPN Client access. I am trying to test the following config and it doesn't seem to want to authenticate. I am trying to connect from within the same network just to see if it will authenticate but it will not. I have also tried from work with the same results. Can someone tell me what I am missing? I have looked on many, many websites and can't find an answer. Thanks in advance. Following is my config:
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password xxxxxx encrypted
passwd xxxxxx encrypted
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol pptp 1723
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
access-list 100 permit tcp any any eq pptp
access-list 100 permit udp any any eq 1701
access-list 100 permit udp any any eq 4500
access-list 100 permit tcp any interface outside eq pptp
access-list 100 permit udp any any eq isakmp
access-list acl_out permit tcp any interface outside eq pptp
access-list acl_out permit gre any interface outside
The above configuration setup is on a PIX running 6.2(1), but if your PIX is running 6.3+, then I would suggest you enable NAT Traversal (NAT-T) for ISAKMP. To do this do (in config mode):
The above command will help when you initiate a VPN client connection from behind another NAT device.
Also, are you trying to allow PPTP & L2TP too? As you don't have the appropriate configuration configured.
I would suggest that you clean up your configuration and start with one service first i.e. VPN client access and then add any other service you require i.e. PPTP or L2TP - If you need help on this let me know. You can re-set your PIX to factory default by issuing:
Thanks for the response. I went to the website that you had posted. I reset everything back to the defaults and modified the basic config to replicate the config on the website. I then tried to access the VPN via the client but still to no avail. I had to reset my config back to the original so that I can access the VPN for work. I'm still at a loss. I had L2TP and PPTP added to my original config just to test other VPN connections but none of them seem to work. It looks like the VPN client is being rejected or the security gateway on the PIX is not responding. Any ideas as to what could be causing this issue?
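Added example, not part of the thread or of any poster's config: a short Python script that inventories which VPN services the access-list lines pasted in the first post open, and which of those ACLs have no access-group line among the lines shown. The function names and service labels are this example's own, and the sample text is the ACL section copied from the post.

```python
import re
from collections import defaultdict

# Constructed sample: the access-list lines from the config posted above.
POSTED_ACL = """\
access-list 100 permit tcp any any eq pptp
access-list 100 permit udp any any eq 1701
access-list 100 permit udp any any eq 4500
access-list 100 permit tcp any interface outside eq pptp
access-list 100 permit udp any any eq isakmp
access-list acl_out permit tcp any interface outside eq pptp
access-list acl_out permit gre any interface outside
"""

# (protocol, port) -> VPN service; "pptp" and "isakmp" are PIX port keywords.
SERVICES = {
    ("tcp", "pptp"): "PPTP control", ("tcp", "1723"): "PPTP control",
    ("gre", None): "PPTP data (GRE)",
    ("udp", "1701"): "L2TP",
    ("udp", "isakmp"): "IPsec IKE", ("udp", "500"): "IPsec IKE",
    ("udp", "4500"): "IPsec NAT-T",
}

LINE = re.compile(
    r"^access-list\s+(?P<acl>\S+)\s+permit\s+(?P<proto>\S+)\s+any\s+"
    r"(?P<dst>any|interface\s+\S+)(?:\s+eq\s+(?P<port>\S+))?\s*$")

def inventory(config_text):
    """Return {acl_name: [(service, destination), ...]} for permit lines."""
    found = defaultdict(list)
    for raw in config_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a permit entry in the simple form handled here
        service = SERVICES.get((m["proto"], m["port"]), "other")
        found[m["acl"]].append((service, m["dst"]))
    return dict(found)

def unbound_acls(config_text):
    """ACL names with no access-group line applying them to an interface."""
    names = set(re.findall(r"^access-list\s+(\S+)", config_text, re.M))
    bound = set(re.findall(r"^access-group\s+(\S+)", config_text, re.M))
    return sorted(names - bound)

if __name__ == "__main__":
    for acl, entries in inventory(POSTED_ACL).items():
        for service, dst in entries:
            print(f"{acl:8} {service:16} -> {dst}")
    print("not applied by access-group:", unbound_acls(POSTED_ACL))
```

Run against a full `show running-config` dump rather than an excerpt, since the unbound-ACL check only sees the lines it is given.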