
Remote Access VPN On FWSM Module

awais.afzal
Level 1

 

 

Dear concern,

 

I configured remote access VPN on the FWSM module and successfully connected through the VPN client, but I could not access my internal resources. I am facing some different types of errors and need your help.

 

Error: 
              VPN-SESSION_DB in SESS_Mgmt_DeleteEntryInt: Account stop failure

!!:
Jun 02 14:50:49 [IKEv1]: Group = testgroup, Username = pfsa, IP = 39.42.218.63, Removing peer from peer table failed, no match!
Jun 02 14:50:49 [IKEv1]: Group = testgroup, Username = pfsa, IP = 39.42.218.63, Error: Unable to remove PeerTblEntry

I face this error.

 

This is my configuration:

crypto ipsec transform-set firstset esp-3des esp-md5-hmac
crypto dynamic-map dyn1 1 set transform-set firstset
crypto dynamic-map dyni 1 set reverse-route
crypto map mymap 1 ipsec-isakmp dynamic dyn1
crypto map mymap interface outside
isakmp enable outside
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 hash sha
isakmp policy 1 group 2
isakmp policy 1 lifetime 43200
tunnel-group testgroup type ipsec-ra
tunnel-group testgroup general-attributes
 address-pool testpool
 default-group-policy RAVPN
tunnel-group testgroup ipsec-attributes
 pre-shared-key *

group-policy RAVPN internal
group-policy RAVPN attributes
 dns-server value XXXXXXX
 vpn-tunnel-protocol IPSec
 pfs disable
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value XXXXXXX
 default-domain value XXXXXXX

 

nat (servers) 0 access-list nonat

Waiting for your reply.

 

 

 

 

 

 


Marvin Rhoads
Hall of Fame

A VPN terminating on a FWSM is only for management access to the FWSM itself - it is not a full-featured remote access (or site-to-site) VPN.

Reference:

"In the case of the FWSM, the only address available on the FWSM end of the tunnel is the interface itself."

Thanks to Mr. Marvin Rhoads for the quick reply.

But I am a little confused: after connecting to the VPN I can access the server prefix gateway address, but I cannot access any internal server IP. I hope you can clear up my confusion; this is actually the first time I have created a VPN on the FWSM module. I request you to describe management access a little, with examples.

 

You're welcome.

Management access = access to the FWSM's interface (IP address) for purposes of configuring or monitoring the behavior of the FWSM itself and traffic going through it (using tools such as "show" commands, SNMP queries, traps or syslogs).

You cannot access any internal server IP through a VPN terminating on a FWSM. That is not allowed by design.

OK, really, thanks to Mr. Rhoads for clearing up my mind regarding remote access VPN on FWSM.

If I face any further problem, I will get your experience.

 

 

You're welcome.

Please rate helpful replies and mark your question as answered if it has been.

Hello everyone,
It means that we cannot establish a site-to-site VPN on FWSM Version 4.0(4).

Correct. It's not supported.

Even if you could, the product has been past end of support for over 10 years and should not be used for anything critical to your enterprise.
