VPN Routing

majunior882
Level 1

I am trying to get a vpn connection to get past the PIX firewall and have access to a network. So far I haven't been very successful.

Here are my configs:

PIX 515:

access-list acl_out permit tcp any any eq telnet
access-list acl_out permit udp any any eq 23
access-list acl_prinetwork permit icmp any any
access-list acl_prinetwork permit tcp any any eq telnet
access-list acl_prinetwork permit udp any any eq 23
access-list 1 permit ip 172.16.4.64 255.255.255.192 172.16.5.0 255.255.255.192
access-list acl_slavenetwork permit udp any any eq dnsix
pager lines 24
icmp permit any outside
icmp permit any secnetwork
icmp permit any prinetwork
icmp permit any slavenetwork
mtu outside 1500
mtu secnetwork 1500
mtu prinetwork 1500
mtu slavenetwork 1500
ip address outside 172.16.4.66 255.255.255.192
ip address secnetwork 172.16.4.193 255.255.255.192
ip address prinetwork 172.16.5.1 255.255.255.192
no ip address slavenetwork
ip audit info action alarm
ip audit attack action alarm
no failover
failover timeout 0:00:00
failover poll 15
no failover ip address outside
no failover ip address secnetwork
no failover ip address prinetwork
no failover ip address slavenetwork
pdm history enable
arp timeout 14400
global (outside) 1 172.16.5.0
static (prinetwork,outside) 172.16.5.0 172.16.5.0 netmask 255.255.255.192 0 0
static (prinetwork,outside) 172.16.5.0 172.16.4.0 netmask 255.255.255.255 0 0
static (outside,prinetwork) 172.16.4.0 172.16.4.0 netmask 255.255.255.255 0 0
static (outside,prinetwork) 172.16.4.0 172.16.5.0 netmask 255.255.255.192 0 0
static (prinetwork,outside) 172.16.4.0 172.16.5.0 netmask 255.255.255.255 0 0
static (outside,prinetwork) 172.16.5.0 172.16.4.0 netmask 255.255.255.192 0 0
conduit permit ip host 172.16.5.0 any
conduit permit tcp host 172.16.5.0 any
conduit permit udp host 172.16.5.0 any
conduit permit icmp host 172.16.5.0 any
conduit permit icmp host 172.16.5.3 any
route outside 0.0.0.0 0.0.0.0 172.16.4.65 1

Router:

vpdn enable
vpdn logging
vpdn logging user
!
vpdn-group 1
! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1
!
!
crypto isakmp policy 3
 encr 3des
 authentication pre-share
 group 2
crypto isakmp client configuration address-pool local group1
!
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 10
 set transform-set myset
!
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
call rsvp-sync
!
interface Loopback0
 ip address 172.16.4.8 255.255.255.192
!
interface FastEthernet0/0
 ip address 172.16.4.65 255.255.255.192
 ip nat inside
 duplex auto
 speed auto
!
interface Serial0/0
 no ip address
 shutdown
 no fair-queue
!
interface FastEthernet0/1
 ip address 64.45.175.yyy 255.255.255.ccc secondary
 ip address 64.45.175.xxx 255.255.255.ccc
 ip nat outside
 speed auto
 half-duplex
!
interface Serial0/1
 no ip address
 shutdown
!
interface Virtual-Template1
 ip unnumbered FastEthernet0/1
 no keepalive
 peer default ip address pool group1
 ppp encrypt mppe auto required
 ppp authentication ms-chap
!
ip local pool group1 172.16.4.6 172.16.4.30
ip default-gateway 69.45.175.169
ip nat inside source list 102 interface FastEthernet0/1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 64.45.175.169
ip route 172.16.4.0 255.255.255.255 172.16.4.66
ip route 172.16.4.0 255.255.255.255 172.16.5.0
ip route 172.16.5.0 255.255.255.192 172.16.4.66
ip http server
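As an added consistency check (written for this page, not part of the thread and not a PIX or IOS tool), the snippet below parses the six static lines from the posted PIX config and reports, first, pairs of statics on the same interface pair whose address blocks overlap but translate differently, and second, which statics actually cover a given address. It assumes only the PIX 6.x static syntax shown above; the sample addresses are the ones the poster gave.

```python
import ipaddress
import re

# Constructed from the PIX config posted in the thread: its six static lines.
PIX_STATICS = [
    "static (prinetwork,outside) 172.16.5.0 172.16.5.0 netmask 255.255.255.192 0 0",
    "static (prinetwork,outside) 172.16.5.0 172.16.4.0 netmask 255.255.255.255 0 0",
    "static (outside,prinetwork) 172.16.4.0 172.16.4.0 netmask 255.255.255.255 0 0",
    "static (outside,prinetwork) 172.16.4.0 172.16.5.0 netmask 255.255.255.192 0 0",
    "static (prinetwork,outside) 172.16.4.0 172.16.5.0 netmask 255.255.255.255 0 0",
    "static (outside,prinetwork) 172.16.5.0 172.16.4.0 netmask 255.255.255.192 0 0",
]
# PIX 6.x syntax: static (real_ifc,mapped_ifc) mapped_ip real_ip netmask mask ...
STATIC_RE = re.compile(r"^static \((\S+)\) (\S+) (\S+) netmask (\S+)")

def net(addr, mask):
    # strict=False lets the mask zero the host bits, as the PIX itself does
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def parse_static(line):
    """Split one static into interface pair, mapped block, real block and the
    translation offset (mapped minus real); overlapping statics with equal
    offsets agree, overlapping statics with different offsets clash."""
    ifcs, mapped, real, mask = STATIC_RE.match(line).groups()
    m, r = net(mapped, mask), net(real, mask)
    return {"ifcs": ifcs, "mapped": m, "real": r,
            "offset": int(m.network_address) - int(r.network_address)}

def static_conflicts(lines):
    """Index pairs of statics on the same interface pair whose real or mapped
    blocks overlap while their translations disagree."""
    st = [parse_static(l) for l in lines]
    return [(i, j) for i in range(len(st)) for j in range(i + 1, len(st))
            if st[i]["ifcs"] == st[j]["ifcs"]
            and st[i]["offset"] != st[j]["offset"]
            and (st[i]["real"].overlaps(st[j]["real"])
                 or st[i]["mapped"].overlaps(st[j]["mapped"]))]

def statics_covering(addr, lines):
    """Indices of statics whose mapped or real block contains addr; a
    255.255.255.255 mask covers one address only, so '172.16.4.0 netmask
    255.255.255.255' never matches a pool address such as 172.16.4.6."""
    a = ipaddress.ip_address(addr)
    return [i for i, l in enumerate(lines)
            if a in parse_static(l)["mapped"] or a in parse_static(l)["real"]]

if __name__ == "__main__":
    print("conflicting static pairs:", static_conflicts(PIX_STATICS))
    for ip in ("172.16.4.0", "172.16.4.6"):  # .6 is the first VPN pool address
        print(ip, "covered by statics", statics_covering(ip, PIX_STATICS))
```

The indices refer to the order of the static lines in the posted config, so the pairs can be read straight back against it.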

3 Replies

stephtchoko
Level 3

Please can you explain to us your routing schema.

Best regards

Sure, thanks for the response.

Internet
   |
   |
Cisco 2621 Router
(acting also as vpn server)
   |
172.16.4.64/26
(vpn pool - 172.16.4.0/32)
   |
PIX 515 Firewall-----172.16.4.126/26
   |            |
172.16.5.0/26   |
                |
          172.16.4.192/26

I would like to route the vpn network so that they can telnet and such to computers in the 172.16.5.0 network.
