Cisco Support Community
Community Member

Remote VPN problem!

There is a problem between vpn client 4.01 and PIX515E,The PIX version is 7.0

The pix configuration file ,what is the problem ?

pix# sh run

: Saved


PIX Version 7.0(2)



interface Ethernet0

nameif outside

security-level 0

ip address


interface Ethernet1

nameif inside

security-level 100

ip address




boot system flash:/pix702.bin

ftp mode passive

access-list 101 extended permit tcp any host eq www

access-list 101 extended permit tcp any host eq ftp

access-list 158 extended permit ip

access-list split standard permit

pager lines 24

logging enable

logging timestamp

logging standby

mtu outside 1500

mtu inside 1500

ip local pool testpool

no vpn-addr-assign dhcp

monitor-interface outside

monitor-interface inside

asdm image flash:/asdm-504.bin

asdm history enable

arp timeout 14400


global (outside) 1 interface

nat (inside) 0 access-list 158

nat (inside) 1

static (inside,outside) tcp www www netmask

static (inside,outside) tcp ftp ftp netmask

access-group 101 in interface outside

route outside 1

route inside 1

route inside 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00

timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

group-policy hygp internal

group-policy hygp attributes

vpn-idle-timeout 30

split-tunnel-policy tunnelspecified

split-tunnel-network-list value split

username hypix password qZYBtyuPGlJNbeT4 encrypted

http server enable

http inside

http inside

no snmp-server location

no snmp-server contact

snmp-server community public

snmp-server enable traps snmp

sysopt noproxyarp inside

crypto ipsec transform-set aaades esp-des esp-md5-hmac

crypto dynamic-map dynomap 10 set transform-set aaades

crypto map vpnpeer 20 ipsec-isakmp dynamic dynomap

crypto map vpnpeer interface outside

isakmp enable outside

isakmp policy 8 authentication pre-share

isakmp policy 8 encryption des

isakmp policy 8 hash md5

isakmp policy 8 group 2

isakmp policy 8 lifetime 86400

telnet inside

telnet inside

telnet timeout 5

ssh scopy enable

ssh outside

ssh outside

ssh inside

ssh timeout 10

ssh version 1

console timeout 5

tunnel-group hy type ipsec-ra

tunnel-group hy general-attributes

address-pool testpool

default-group-policy hygp

tunnel-group hy ipsec-attributes

pre-shared-key *


class-map inspection_default

match default-inspection-traffic



policy-map globle_policy

class inspection_default

policy-map global_policy

class inspection_default

inspect dns maximum-length 512

inspect ftp

inspect h323 h225

inspect h323 ras

inspect http

inspect netbios

inspect rsh

inspect rtsp

inspect esmtp

inspect sqlnet

inspect sunrpc

inspect tftp

inspect sip

inspect xdmcp

policy-map global_plolicy



Re: Remote VPN problem!

just a quick comment.

the vpn client pool should not be overlapped with the pix inside net.

Community Member

Re: Remote VPN problem!


CreatePlease to create content