06-02-2014 07:30 AM - edited 03-11-2019 09:16 PM
Dear concern,
I configured a remote access VPN on the FWSM module and can successfully connect through the VPN client, but I could not access my internal resources. I am facing some different types of errors and need your valuable help.
Error:
VPN-SESSION_DB in SESS_Mgmt_DeleteEntryInt: Account stop failure
!!:
Jun 02 14:50:49 [IKEv1]: Group = testgroup, Username = pfsa, IP = 39.42.218.63, Removing peer from peer table failed, no match!
Jun 02 14:50:49 [IKEv1]: Group = testgroup, Username = pfsa, IP = 39.42.218.63, Error: Unable to remove PeerTblEntry
I face this error.
This is my configuration:
crypto ipsec transform-set firstset esp-3des esp-md5-hmac
crypto dynamic-map dyn1 1 set transform-set firstset
crypto dynamic-map dyni 1 set reverse-route
crypto map mymap 1 ipsec-isakmp dynamic dyn1
crypto map mymap interface outside
isakmp enable outside
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 hash sha
isakmp policy 1 group 2
isakmp policy 1 lifetime 43200
tunnel-group testgroup type ipsec-ra
tunnel-group testgroup general-attributes
address-pool testpool
default-group-policy RAVPN
tunnel-group testgroup ipsec-attributes
pre-shared-key *
group-policy RAVPN internal
group-policy RAVPN attributes
dns-server value XXXXXXX
vpn-tunnel-protocol IPSec
pfs disable
split-tunnel-policy tunnelspecified
split-tunnel-network-list value XXXXXXX
default-domain value XXXXXXX
nat (servers) 0 access-list nonat
Waiting for your reply.
06-02-2014 08:12 AM
A VPN terminating on a FWSM is only for management access to the FWSM itself - it is not a full-featured remote access (or site-site) VPN.
"In the case of the FWSM, the only address available on the FWSM end of the tunnel is the interface itself."
06-02-2014 09:10 PM
Thanks to Mr. Marvin Rhoads for the quick reply.
But I am a little confused: after connecting the VPN I can access the server prefix gateway address, but I cannot access any internal server IP. I hope you can clear up my confusion; this is actually my first time creating a VPN on the FWSM module. Please, I request you to describe management access a little, with examples.
06-03-2014 08:19 AM
You're welcome.
Management access = access to the FWSM's interface (IP address) for purposes of configuring or monitoring the behavior of the FWSM itself and traffic going through it (using tools such as "show" commands, SNMP queries, traps or syslogs).
You cannot access any internal server IP through a VPN terminating on a FWSM. That is not allowed by design.
06-03-2014 08:59 PM
OK, really, thanks to Mr. Rhoads for clearing up my confusion regarding remote access VPN on FWSM.
If I face any further problems I will seek your experience.
06-04-2014 05:45 AM
You're welcome.
Please rate helpful replies and mark your question as answered if it has been.
02-10-2022 05:57 PM
Hello everyone,
Does this mean that we cannot establish a site-to-site VPN on FWSM Version 4.0(4)?
02-11-2022 04:41 AM
Correct. It's not supported.
Even if you could, the product has been past end of support for over 10 years and should not be used for anything critical to your enterprise.