Cisco Support Community
New Member

VPN Secure Client 1.1 to PIX 506 6.02

Hi, I am connecting a VPN client to a PIX firewall.

When I try to access the internal network of the firewall, the VPN client icon turns green and a symbol of a key is shown. I think it is somehow successful. However, when I ping any IP in the internal network, there is no response. The green light of the VPN icon is still on.

What did I miss? Please help!

Thank you very much!!

Regards,

Andrew

1 REPLY
New Member

Re: VPN Secure Client 1.1 to PIX 506 6.02

Below is the PIX setting:

PIX Version 6.2(3)

nameif ethernet0 outside security0

nameif ethernet1 inside security100

enable password xxxxxx

passwd xxxxxx

hostname pixfirewall

fixup protocol ftp 21

fixup protocol http 80

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol ils 389

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol sip 5060

fixup protocol skinny 2000

fixup protocol sip udp 5060

names

name 172.20.230.3 mailserver

access-list acl_in permit icmp any any

access-list acl_in permit udp any any eq domain

access-list acl_in permit tcp any any eq ftp

access-list acl_in permit tcp any any eq smtp

access-list acl_in permit tcp any any eq telnet

access-list acl_in permit tcp any any eq pop3

access-list acl_in permit tcp any any eq 102

access-list acl_in permit tcp any any eq ftp-data

access-list acl_in permit tcp any any eq lotusnotes

access-list acl_in permit tcp any any eq https

access-list acl_in permit udp any any eq 443

access-list acl_in permit tcp host mailserver host x.x.x.x eq 102

access-list acl_in permit tcp host mailserver host x.x.x.x eq 102

access-list acl_in permit tcp 172.20.231.0 255.255.255.224 any eq www

access-list acl_out permit icmp any any

access-list acl_out permit tcp any any eq ftp

access-list acl_out permit tcp any any eq telnet

access-list acl_out permit tcp any any eq smtp

access-list acl_out permit udp any any eq domain

access-list acl_out permit tcp any any eq ftp-data

access-list acl_out permit tcp any any eq pop3

access-list acl_out permit tcp host x.x.x.x host mailserver eq 102

access-list acl_out permit tcp host x.x.x.x host mailserver eq 102

pager lines 24

logging on

interface ethernet0 10baset

interface ethernet1 10baset

mtu outside 1500

mtu inside 1500

ip address outside x.x.x.x 255.255.255.248

ip address inside 172.20.230.254 255.255.0.0

ip audit info action alarm

ip audit attack action alarm

ip local pool test 172.20.230.200-172.20.232.210

pdm history enable

arp timeout 600

global (outside) 1 x.x.x.x

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

static (inside,outside) x.x.x.x mailserver netmask 255.255.255.255 0 0

access-group acl_out in interface outside

access-group acl_in in interface inside

route outside 0.0.0.0 0.0.0.0 x.x.x.x 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

aaa-server LOCAL protocol local

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

sysopt connection permit-ipsec

no sysopt route dnat

crypto ipsec transform-set myset esp-des esp-md5-hmac

crypto dynamic-map dynmap 10 set transform-set myset

crypto map mymap 10 ipsec-isakmp dynamic dynmap

crypto map mymap client configuration address initiate

crypto map mymap client configuration address respond

crypto map mymap interface outside

isakmp enable outside

isakmp key ******** address 0.0.0.0 netmask 0.0.0.0

isakmp identity address

isakmp client configuration address-pool local test outside

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption des

isakmp policy 10 hash md5

isakmp policy 10 group 1

isakmp policy 10 lifetime 86400

telnet mailserver 255.255.255.255 inside

telnet timeout 10

ssh timeout 5

terminal width 80

Cryptochecksum:xxxxxxx

: end

Please help. Thank you very much!

Regards,

Andrew
