Ok, I thought that I had set up everything I would need for a user to access my network behind a PIX 515e, but I guess not.
I basically gave the inside and outside ports IP addresses on their respective subnets, created some ACLs, applied these to a group, and gave a user access to this group. That's it.
I then pointed the VPN client towards the outside IP and it looks like it's about to connect, but then I get a reason 412 error "remote peer no longer responding". I have seen some posts about port 500 not being open but have no idea how to do this; I am still really new at all of this.
I finally have the connection up but am having some difficulty pinging across.
I connect and it gives Local Area Connection 2 an IP address on the inside network. I can ping from the inside PC to the outside PC (the outside PC's Local Area Connection 2) but I can't ping in from outside. I have the ACL for the user as follows:
access-l test ext permit ip 220.127.116.11 255.255.255.0 any
access-l test ext permit ip any 18.104.22.168 255.255.255.0
I am not sure if it is this or a NAT problem, thanks for the help.
I prefer to use the sysopt connection permit-ipsec option to accept IPsec connections from most anywhere; this keeps me from fouling up VPN connectivity should I mess up an ACL, and I do not have a lot of control over where clients want to connect from. This does not allow any user without the correct credentials access to your network, just an opportunity to connect to the VPN server on the specific IPsec required ports.
This allows IP ports 50, 51 (ESP and AH) and UDP 500 (IKE) to connect to the VPN server (PIX or ASA).
Did you set up a NAT pool for clients? You may want to do this if you need the IP traffic to return to the client via this VPN server in the event there may be some asymmetric routing paths.
If you are running 7.x+ code and ASDM 6.x+, the VPN remote client wizard pretty much takes out any of the guess work with this.
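As an added illustration of the two points above (the sysopt bypass and a dedicated client pool with NAT exemption), here is a PIX 7.0-style remote-access fragment. It is not the poster's or the replier's configuration; the addressing (inside LAN 192.168.1.0/24, client pool 192.168.10.0/24), the names VPNPOOL, NONAT, REMOTE and the pre-shared-key placeholder are all assumptions.

```cisco
! Added example, not config from this thread. Assumed: inside LAN 192.168.1.0/24,
! client pool 192.168.10.0/24, tunnel-group REMOTE. PIX 7.0 syntax; from 7.1 the
! keyword is "sysopt connection permit-vpn".
! Let authenticated IPsec traffic bypass the outside interface ACL
sysopt connection permit-ipsec
! Address pool handed out to connecting clients
ip local pool VPNPOOL 192.168.10.1-192.168.10.50 mask 255.255.255.0
! NAT exemption so inside hosts and VPN clients talk without translation
access-list NONAT extended permit ip 192.168.1.0 255.255.255.0 192.168.10.0 255.255.255.0
nat (inside) 0 access-list NONAT
! IKE (UDP 500) listener and phase-1 policy on the outside interface
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption aes
isakmp policy 10 hash sha
isakmp policy 10 group 2
! Phase-2 transform set and a dynamic crypto map for roaming clients
crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac
crypto dynamic-map DYNMAP 10 set transform-set ESP-AES-SHA
crypto map OUTSIDE_MAP 65535 ipsec-isakmp dynamic DYNMAP
crypto map OUTSIDE_MAP interface outside
! Group policy and tunnel group tying the pool to the client connection
group-policy REMOTE_GP internal
group-policy REMOTE_GP attributes
 vpn-tunnel-protocol IPSec
tunnel-group REMOTE type ipsec-ra
tunnel-group REMOTE general-attributes
 address-pool VPNPOOL
 default-group-policy REMOTE_GP
tunnel-group REMOTE ipsec-attributes
 pre-shared-key <PLACEHOLDER_PSK>
```

Without the nat 0 exemption, replies from inside hosts to pool addresses get translated and the return path breaks, which shows up as one-way ping results like those described earlier in the thread.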
I will attempt to try out your ideas. I tried to use the GUI but I could connect only about 1 of 3 times, and then when changes were to be updated it couldn't see the PIX for some reason.
Right now I just have 2 PCs, one on the outside and one on the inside. I am just trying to set it up before I try to place it in the real network. I don't know why there are connection errors all the time with this thing; it just seems easier to use the CLI.