09-26-2002 04:47 PM - edited 02-20-2020 10:16 PM
I have a PIX running 6.2(2) code and the 3.5.1 vpn client. I can set up different vpngroups that use the same local ip pool fine. But if I create a second ip pool and assign a vpngroup to use the new pool they hang at the "securing connection" entry on the client.
Using debug I see that the isakmp portion authenticated but the ipsec authentication fails with invalid ip address.
Partial config:
ip local pool userpool 192.168.101.1-192.168.101.254
ip local pool adminpool 192.168.102.1-192.168.102.254
vpngroup vpnLand address-pool userpool
vpngroup vpnLand split-tunnel 102
vpngroup vpnLand idle-time 1800
vpngroup vpnLand password ********
vpngroup vpnallands address-pool userpool
vpngroup vpnallands split-tunnel 102
vpngroup vpnallands idle-time 1800
vpngroup vpnallands password ********
vpngroup vpnPHX address-pool userpool
vpngroup vpnPHX split-tunnel 102
vpngroup vpnPHX idle-time 1800
vpngroup vpnPHX password ********
vpngroup vpnTRU address-pool userpool
vpngroup vpnTRU split-tunnel 102
vpngroup vpnTRU idle-time 1800
vpngroup vpnTRU password ********
vpngroup admin address-pool adminpool
vpngroup admin split-tunnel 102
vpngroup admin idle-time 1800
vpngroup admin password ********
The vpngroup admin will not authenticate unless its pool is set to userpool. If I delete userpool then vpngroup admin will work with adminpool, but obviously the others will not. When I recreate userpool the others work but admin stops
Is this a supported configuration? I was told with 6.0 it was not. But with 6.2 and pdm2.0 it implies it does (at lease it lets me configure it that way).
09-29-2002 01:04 AM
Did you make sure that you have included both the userpool and adminpool in your nat 0 access-list ?
R/Yusuf
02-10-2003 08:51 AM
Hi. I'm experencing the same problem. Here's may NAT 0 statement:
nat (inside) 0 access-list inside_outbound_nat0_acl
Where do you insert the ip pool config?
Thanks. Shawn.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide