topic Re: You're welcome.Please rate in Network Security

Remote Access VPN On FWSM Module

awais.afzal — Tue, 12 Mar 2019 04:16:32 GMT

Dear concern,

I was configured Remote access vpn on fwsm module successfully connect through vpn client but i did not access my internal resource. Some different type error face need for your valid help.

Error:
VPN-SESSION_DB in SESS_Mgmt_DeleteEntryInt: Account stop failure

!!:
Jun 02 14:50:49 [IKEv1]: Group = testgroup, Username = pfsa, IP = 39.42.218.63, Removing peer from peer table failed, no match!
Jun 02 14:50:49 [IKEv1]: Group = testgroup, Username = pfsa, IP = 39.42.218.63, Error: Unable to remove PeerTblEntry

Face this error

This is my configuration:crypto ipsec transform-set firstset esp-3des esp-md5-hmac
crypto dynamic-map dyn1 1 set transform-set firstset
crypto dynamic-map dyni 1 set reverse-route
crypto map mymap 1 ipsec-isakmp dynamic dyn1
crypto map mymap interface outside
isakmp enable outside
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 hash sha
isakmp policy 1 group 2
isakmp policy 1 lifetime 43200
tunnel-group testgroup type ipsec-ra
tunnel-group testgroup general-attributes
address-pool testpool
default-group-policy RAVPN
tunnel-group testgroup ipsec-attributes
pre-shared-key *

group-policy RAVPN internal
group-policy RAVPN attributes
dns-server value XXXXXXX
vpn-tunnel-protocol IPSec
pfs disable
split-tunnel-policy tunnelspecified
split-tunnel-network-list value XXXXXXX
default-domain value XXXXXXX

nat (servers) 0 access-list nonat

Please wait for your reply:;

A VPN terminating on a FWSM

Marvin Rhoads — Mon, 02 Jun 2014 15:12:43 GMT

A VPN terminating on a FWSM in only for management access to the FWSM itself - it is not a full-featured remote access (or site-site) VPN.

Reference:

"In the case of the FWSM, the only address available on the FWSM end of the tunnel is the interface itself."

Thanks For MR Marvin Rhoads

awais.afzal — Tue, 03 Jun 2014 04:10:24 GMT

Thanks For MR Marvin Rhoads quick reply.

but i was little confuse after connecting vpn i will access Server prefix gateway addres but i cannot access any internal server ip i hope you clear my mind confusion actually first time creat vpn on FWSM Module. please request you little describe management access with examples.

You're welcome.Management

Marvin Rhoads — Tue, 03 Jun 2014 15:19:15 GMT

You're welcome.

Management access = access to the FWSM's interface (IP address) for purposes of configuring or monitoring the behavior of the FWSM itself and traffic going through it (using tools such as "show" commands, SNMP queries, traps or syslogs).

You cannot access any internal server IP through a VPN terminating on a FWSM. That is not allowed by design.

ok realy thanks for Mr Rhoads

awais.afzal — Wed, 04 Jun 2014 03:59:13 GMT

ok realy thanks for Mr Rhoads clear my mind regarding remote access vpn on FWSM.

If face further any problem i get your experience.

You're welcome.Please rate

Marvin Rhoads — Wed, 04 Jun 2014 12:45:32 GMT

You're welcome.

Please rate helpful replies and mark your question as answered if it has been.

Re: You're welcome.Please rate

NguyenHoangAnh3197 — Fri, 11 Feb 2022 01:57:16 GMT

Hello everyone,
It is mean that we can not established VPN site to site on FWSM Version 4.0(4)

Re: You're welcome.Please rate

Marvin Rhoads — Fri, 11 Feb 2022 12:41:40 GMT

Correct. It's not supported.

Even if you could the product has been past end of support for over 10 years and should not be used for anything critical to your enterprise.