
problems with VPN client configuration PIX 515E 7.0

Hi,

I have built two different VPN client configurations on a PIX 515E 7.0, and although the config seems exactly the same, one is working fine while the other is failing to make a connection.

I have pasted the config below, the working VPN profile is wccuser and the non-working is switchengineer.

Can anyone see what the problem is? I have also attached the error I get in the logs.

access-list wccuservpn extended permit ip 192.168.0.0 255.255.252.0 172.28.251.0 255.255.255.0

access-list wccuser-splitlist standard permit 192.168.0.0 255.255.252.0

access-list switchengineervpn extended permit ip 172.18.50.0 255.255.255.0 172.28.252.64 255.255.255.192

access-list switchengineer-splitlist standard permit 172.18.50.0 255.255.255.0

ip local pool wccuserpool 172.28.251.1-172.28.251.254 mask 255.255.255.0

ip local pool switchengineerpool 172.28.252.65-172.28.252.126 mask 255.255.255.192

group-policy switchengineerpolicy internal

group-policy switchengineerpolicy attributes

banner value Welcome to Wavecrest SwitchEngineer IPSec VPN

wins-server value 192.168.0.30

dns-server value 192.168.0.30

split-tunnel-policy tunnelspecified

split-tunnel-network-list value switchengineer-splitlist

default-domain value wavecrestcom.co.uk

group-policy wccuserpolicy internal

group-policy wccuserpolicy attributes

banner value Welcome to Wavecrest VPNUSER IPSec VPN

wins-server value 192.168.0.30

dns-server value 192.168.0.30

split-tunnel-policy tunnelspecified

split-tunnel-network-list value wccuser-splitlist

default-domain value wavecrestcom.co.uk

crypto ipsec transform-set 3des esp-3des esp-md5-hmac

crypto ipsec security-association lifetime seconds 3600

crypto dynamic-map wccmap 101 match address wccuservpn

crypto dynamic-map wccmap 101 set transform-set 3des

crypto dynamic-map wccmap 102 match address switchengineervpn

crypto dynamic-map wccmap 102 set transform-set 3des

crypto map Empire 300 ipsec-isakmp dynamic wccmap

crypto map Empire interface VoIP_PI

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption 3des

isakmp policy 10 hash md5

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

isakmp nat-traversal 20

isakmp enable VoIP_PI

tunnel-group switchengineer type ipsec-ra

tunnel-group switchengineer general-attributes

address-pool switchengineerpool

authentication-server-group TACACS

default-group-policy switchengineerpolicy

tunnel-group switchengineer ipsec-attributes

pre-shared-key *

tunnel-group wccuser type ipsec-ra

tunnel-group wccuser general-attributes

address-pool wccuserpool

authentication-server-group TACACS

default-group-policy wccuserpolicy

tunnel-group wccuser ipsec-attributes

pre-shared-key *

Attached is the log file. Note the line:

Can't find a valid tunnel group, aborting...
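
A quick way to confirm that every name the posted profiles reference (address pool, group policy, split-tunnel list, crypto ACL) is actually defined, written as an added example that is not part of the original post or of any Cisco tool. The function name, the trimmed sample and the exact, case-sensitive name comparison are assumptions of this example; it only rules out a dangling reference and does not interpret the logged error.

```python
import re

# Constructed sample: a trimmed subset of the configuration posted above.
SAMPLE = """\
access-list switchengineervpn extended permit ip 172.18.50.0 255.255.255.0 172.28.252.64 255.255.255.192
access-list switchengineer-splitlist standard permit 172.18.50.0 255.255.255.0
ip local pool switchengineerpool 172.28.252.65-172.28.252.126 mask 255.255.255.192
group-policy switchengineerpolicy internal
group-policy switchengineerpolicy attributes
split-tunnel-network-list value switchengineer-splitlist
crypto dynamic-map wccmap 102 match address switchengineervpn
tunnel-group switchengineer type ipsec-ra
tunnel-group switchengineer general-attributes
address-pool switchengineerpool
default-group-policy switchengineerpolicy
"""

# Lines that define a named object, and lines that refer to one by name.
DEFS = [(r"^access-list (\S+) ", "acl"),
        (r"^ip local pool (\S+) ", "pool"),
        (r"^group-policy (\S+) internal", "policy")]
REFS = [(r"^address-pool (\S+)", "pool"),
        (r"^default-group-policy (\S+)", "policy"),
        (r"^split-tunnel-network-list value (\S+)", "acl"),
        (r"^crypto dynamic-map \S+ \d+ match address (\S+)", "acl")]

def dangling_refs(config):
    """Return sorted (kind, name, line) for each reference to an undefined object.

    Names are compared exactly, including case (assumption of this example).
    """
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    defined = {(kind, m.group(1)) for ln in lines for pat, kind in DEFS
               if (m := re.match(pat, ln))}
    missing = []
    for ln in lines:
        for pat, kind in REFS:
            m = re.match(pat, ln)
            if m and (kind, m.group(1)) not in defined:
                missing.append((kind, m.group(1), ln))
    return sorted(missing)

if __name__ == "__main__":
    for kind, name, line in dangling_refs(SAMPLE):
        print(f"undefined {kind} {name!r} referenced by: {line}")
```

Run against the full pasted configuration, an empty result means both profiles are referentially complete, so the difference between them lies outside these name references.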
