easy vpn server pix515e

binoyjosephstanly · ‎01-03-2006

dear all,

i hv configured easy vpn server on pix 515e. i am able to connect to the server only some time thru the vpn client software. my config is attached. Lan ip is 192.5.15.0 and ip pool is 192.5.15.210 to 192.5.15.230.

the crypto map acl's created automatically was 192.5.15.192 255.255.255.192. then i couldnt ping. i changed it to 192.5.15.0 insteadt of 192.

plz help

regds

Savad

spremkumar · ‎01-03-2006

Hi

Do clarify about the exact connectivity problem whether ur facing intermittent issues in getting connected to the PIX F/W (VPN server) itself or to the internal servers ?

If yes what kinda error logs ur seeing on both the Firewall side as well as on the VPN Client..

regds

binoyjosephstanly · ‎01-03-2006

hi,

With the current pix config ,cisco vpn client software is working and i am getting QM_IDL status and client is able to ping to the internal server.

But i hv 877 router trying to esablish tunnel to pix515e and it couldnot. i am getting status AG_INIT_EXCH while user tries thru 877 router. After configuring pix as VPN server thru vpn wizard dynamic ACL's r created which i didnt understand. plz advise wat config changes required to solve issue.

thanks savad

jackko · ‎01-03-2006

192.5.15.x should never be deployed as private subnet ip scheme. refers to rfc 1918 http://www.faqs.org/rfcs/rfc1918.html

regarding the remote vpn issue, again i believe it's related to the ip scheme. regardless you decide to stay with the 192.5.15.x subnet or not, the vpn client pool should never overlap the private subnet.

binoyjosephstanly · ‎01-04-2006

hi jackko,

i hv explained and attched the config files in above post . plz help

regds

Savad

jackko · ‎01-10-2006

just wondering how you go. have you modify the vpn client pool on the pix?