Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

problems with VPN client configuration PIX 515E 7.0

Hi,

I have built two different VPN client configurations on a PIX 515E 7.0 and although the config seems exactly the same, one is working fine when the other is failing to make a connection.

I have pasted the config below, the working VPN profile is wccuser and the non-working is switchengineer.

Can anyone see what the problem is? I have also attached the error I get on the logs.

access-list wccuservpn extended permit ip 192.168.0.0 255.255.252.0 172.28.251.0 255.255.255.0

access-list wccuser-splitlist standard permit 192.168.0.0 255.255.252.0

access-list switchengineervpn extended permit ip 172.18.50.0 255.255.255.0 172.28.252.64 255.255.255.192

access-list switchengineer-splitlist standard permit 172.18.50.0 255.255.255.0

ip local pool wccuserpool 172.28.251.1-172.28.251.254 mask 255.255.255.0

ip local pool switchengineerpool 172.28.252.65-172.28.252.126 mask 255.255.255.192

group-policy switchengineerpolicy internal

group-policy switchengineerpolicy attributes

banner value Welcome to Wavecrest SwitchEngineer IPSec VPN

wins-server value 192.168.0.30

dns-server value 192.168.0.30

split-tunnel-policy tunnelspecified

split-tunnel-network-list value switchengineer-splitlist

default-domain value wavecrestcom.co.uk

group-policy wccuserpolicy internal

group-policy wccuserpolicy attributes

banner value Welcome to Wavecrest VPNUSER IPSec VPN

wins-server value 192.168.0.30

dns-server value 192.168.0.30

split-tunnel-policy tunnelspecified

split-tunnel-network-list value wccuser-splitlist

default-domain value wavecrestcom.co.uk

crypto ipsec transform-set 3des esp-3des esp-md5-hmac

crypto ipsec security-association lifetime seconds 3600

crypto dynamic-map wccmap 101 match address wccuservpn

crypto dynamic-map wccmap 101 set transform-set 3des

crypto dynamic-map wccmap 102 match address switchengineervpn

crypto dynamic-map wccmap 102 set transform-set 3des

crypto map Empire 300 ipsec-isakmp dynamic wccmap

crypto map Empire interface VoIP_PI

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption 3des

isakmp policy 10 hash md5

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

isakmp nat-traversal 20

isakmp enable VoIP_PI

tunnel-group switchengineer type ipsec-ra

tunnel-group switchengineer general-attributes

address-pool switchengineerpool

authentication-server-group TACACS

default-group-policy switchengineerpolicy

tunnel-group switchengineer ipsec-attributes

pre-shared-key *

tunnel-group wccuser type ipsec-ra

tunnel-group wccuser general-attributes

address-pool wccuserpool

authentication-server-group TACACS

default-group-policy wccuserpolicy

tunnel-group wccuser ipsec-attributes

pre-shared-key *

Attached is the log file. Note the line:

Can't find a valid tunnel group, aborting...

1 REPLY
New Member

Re: problems with VPN client configuration PIX 515E 7.0

257
Views
0
Helpful
1
Replies
CreatePlease login to create content