Cisco Support Community

New Member

PIX 501 VPN change from PPPOE

We have a PIX 501 connected to DSL using PPPOE with outside to inside VPN setup and functioning using the EasyVPN client and a preshared key. We replaced the DSL modem with a small router that is now doing the PPPoE negotiation instead of the PIX. I have removed the VPDN references to PPPOE:

vpdn group pppoe_group request dialout pppoe

vpdn group pppoe_group localname xxx@sbcglobal.net

vpdn group pppoe_group ppp authentication pap

vpdn username xxx@sbcglobal.net password *********

vpdn username xxx@sbcglobal.net password ********* store-local

vpdn username scott password *********

vpdn username barry password *********

And left in the vpngroup lines:

vpngroup TQA_VPN address-pool CVPN_DHCP

vpngroup TQA_VPN dns-server 10.1.1.99

vpngroup TQA_VPN wins-server 10.1.1.99

vpngroup TQA_VPN default-domain tqa-inc.com

vpngroup TQA_VPN split-tunnel inside_outbound_nat0_acl

vpngroup TQA_VPN idle-time 1800

vpngroup TQA_VPN password ********

What do I need to add/change to allow VPN access again?

I tried this to no avail:

vpdn group TQA_VPN accept dialin l2tp

vpdn group TQA_VPN l2tp tunnel hello 60

vpdn enable

Barry

Cisco Employee

Re: PIX 501 VPN change from PPPOE

Hi,

Could you please post the full config? What is the issue you are facing?

What message are you getting on the client?

-Kanishka

New Member

Re: PIX 501 VPN change from PPPOE

I am now connecting with the VPN client but cannot access any resources. I have attached the client log (everything appears O.K.) and the PIX configuration. Note that in the PIX configuration there is an "Incomplete" comment but I don't know why. Also, assistance with a split tunnelling statement would be greatly appreciated.

Thanks,

Barry

Cisco Employee

Re: PIX 501 VPN change from PPPOE

Hi,

Please enter the following commands on the PIX:

no crypto map outside_dyn_map 20

no vpngroup TQA_VPN1 address-pool vpnpool1

ip local pool vpnpool 192.168.1.1-192.168.1.20

access-list nonat permit ip any 192.168.1.0 255.255.255.0

access-list split permit ip any 192.168.1.0 255.255.255.0

nat (inside) 0 access-list nonat

vpngroup TQA_VPN1 address-pool vpnpool

vpngroup TQA_VPN1 split-tunnel split

That should do it.

*Please rate if helped.

-Kanishka
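
An added example, not part of the original thread and not Cisco tooling: a small Python check that the names used by the commands above resolve (vpngroup address-pool to an ip local pool, split-tunnel and nat 0 to an access-list) and that the pool's range falls inside a network exempted by the nat 0 access-list. The function name and the sample configuration are constructed for illustration, and only the command forms shown in this thread are parsed.

```python
import ipaddress

# Constructed sample built from the command forms in this thread, with one
# deliberate mistake: the group still references the removed pool name.
SAMPLE = """\
ip local pool vpnpool 192.168.1.1-192.168.1.20
access-list nonat permit ip any 192.168.1.0 255.255.255.0
access-list split permit ip any 192.168.1.0 255.255.255.0
nat (inside) 0 access-list nonat
vpngroup TQA_VPN1 address-pool vpnpool1
vpngroup TQA_VPN1 split-tunnel split
"""

def lint_vpn_config(text):
    """Return a list of dangling or uncovered references (hypothetical helper)."""
    pools, acls, nat0, groups = {}, {}, [], []
    for line in text.splitlines():
        w = line.split()
        if w[:3] == ["ip", "local", "pool"] and len(w) >= 5:
            lo, _, hi = w[4].partition("-")
            pools[w[3]] = (ipaddress.ip_address(lo), ipaddress.ip_address(hi or lo))
        elif w[:1] == ["access-list"] and len(w) >= 2:
            nets = acls.setdefault(w[1], [])
            # Only the "permit ip any <net> <mask>" form seen in the thread is parsed.
            if w[2:5] == ["permit", "ip", "any"] and len(w) >= 7 and w[5] != "host":
                nets.append(ipaddress.ip_network(f"{w[5]}/{w[6]}", strict=False))
        elif w[:1] == ["nat"] and w[2:4] == ["0", "access-list"] and len(w) >= 5:
            nat0.append(w[4])
        elif w[:1] == ["vpngroup"] and len(w) >= 4:
            groups.append((w[1], w[2], w[3]))
    problems = [f"nat 0 uses undefined access-list {a}" for a in nat0 if a not in acls]
    # Destination networks exempted from NAT by the nat 0 access-list(s).
    exempt = [n for a in nat0 for n in acls.get(a, [])]
    for group, keyword, ref in groups:
        if keyword == "split-tunnel" and ref not in acls:
            problems.append(f"{group}: split-tunnel access-list {ref} is not defined")
        elif keyword == "address-pool" and ref not in pools:
            problems.append(f"{group}: address-pool {ref} is not defined")
        elif keyword == "address-pool":
            lo, hi = pools[ref]
            if not any(lo in n and hi in n for n in exempt):
                problems.append(f"{group}: pool {ref} is not covered by a nat 0 access-list")
    return problems

if __name__ == "__main__":
    for problem in lint_vpn_config(SAMPLE):
        print(problem)
```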

New Member

Re: PIX 501 VPN change from PPPOE

I won't be able to try this until Sunday night. Thanks for your help. I'll let you know the results then.

Barry

New Member

Re: PIX 501 VPN change from PPPOE

That fixed the Remote Access. Thanks.
