12-17-2007 09:59 PM - edited 02-21-2020 01:50 AM
Hi All,
I am having a problem in configuring a dynamic VPN in my pix which has the 7.2 version of ios but i am able to work with same configuration in the pix whch has 6.3 version i just want a user from outside my network using the vpn client access the resource inside my network below is my configuration is it ok are should i need to do anything more? please advice me.
ip local pool vpnpool1 192.168.170.1-192.168.170.254
crypto dynamic-map map2 20 set transform-set guatemala1
crypto map map1 20 ipsec-isakmp dynamic map2
crypto ipsec transform-set guatemala1 esp-aes-256 esp-sha-hmac
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption aes-256
isakmp policy 20 hash sha
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
vpngroup Guatemalavpn address-pool vpnpool1
vpngroup Guatemalavpn split-tunnel inside_nat0_outbound
vpngroup Guatemalavpn idle-time 36000
vpngroup Guatemalavpn password xxxxxxx
access-list outside_acl permit tcp 192.168.170.0 255.255.255.0 172.19.10.0 255.255.255.0
route outside 192.168.170.0 255.255.255.0 200.30.222.65
access-list inside_nat0_outbound extended permit ip any 192.168.170.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 172.19.10.0 255.255.255.0 192.168.170.0 255.255.255.0
access-list 102 permit ip 172.19.10.0 255.255.255.0 192.168.170.0 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
12-18-2007 12:17 AM
anyone please help me
12-19-2007 08:31 AM
Try it and tell me if works:
ip local pool vpnpool1 192.168.170.1-192.168.170.254
access-list inside_nat0_outbound extended permit ip 172.19.10.0 255.255.255.0 192.168.170.0 255.255.255.0
access-list acl-inside extended permit ip 172.19.10.0 255.255.255.0 192.168.170.0 255.255.255.0
access-group acl-inside in interface inside
nat (inside) 0 access-list inside_nat0_outbound
group-policy Guatemalavpn internal
group-policy Guatemalavpn attributes
wins-server value xx.xx.xx.xx
dns-server value xx.xx.xx.xx
default-domain value mydomain.com
crypto ipsec transform-set guatemala1 esp-aes-256 esp-sha-hmac
crypto dynamic-map map2 20 set transform-set guatemala1
crypto map map1 20 ipsec-isakmp dynamic map2
crypto map map1 interface outside
crypto isakmp identity address
crypto isakmp enable outside
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption aes-256
isakmp policy 20 hash sha
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
tunnel-group Guatemalavpn type ipsec-ra
tunnel-group Guatemalavpn general-attributes
address-pool vpnpool1
default-group-policy Guatemalavpn
tunnel-group Guatemalavpn ipsec-attributes
pre-shared-key *
route outside 192.168.170.0 255.255.255.0 200.30.222.65
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide