02-18-2005 09:59 AM - edited 02-21-2020 01:37 PM
I am trying to set up a VPN connection using Cisco VPN Client 4.6 and PIX 6.3. My problem is that when I try to connect from the client, I get an error message that says "Unable to connect with the remote device".
My PIX outside is connected to an Internet router and I can ping my default gateway from the PIX. I am using the correct vpngroup and password on the client.
I don't know what is wrong with my config. Please help. Below is my config.
Thanks in advance.
Regards,
Asif
Pixfirewall#
: Saved
:
PIX Version 6.3(1)
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto
interface ethernet3 auto
interface ethernet4 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz3 security40
nameif ethernet3 intf3 security60
nameif ethernet4 intf4 security80
hostname Pixfirewall
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
names
access-list 102 permit ip 172.16.30.0 255.255.255.240 172.16.31.0 255.255.255.240
access-list 102 permit ip 172.16.16.16 255.255.255.240 172.16.31.0 255.255.255.240
access-list 102 permit ip 172.16.16.0 255.255.255.240 172.16.31.0 255.255.255.240
pager lines 24
mtu outside 1500
mtu inside 1500
mtu dmz3 1500
mtu intf3 1500
mtu intf4 1500
ip address outside 150.x.x.x 255.255.255.240
ip address inside 172.16.30.2 255.255.255.240
no ip address dmz3
no ip address intf3
no ip address intf4
ip audit info action alarm
ip audit attack action alarm
ip local pool vpnpool1 172.16.31.1-172.16.31.12
pdm history enable
arp timeout 14400
nat (inside) 0 access-list 102
route outside 0.0.0.0 0.0.0.0 150.x.x.x 1
route inside 172.16.16.0 255.255.255.240 172.16.30.1 1
route inside 172.16.16.16 255.255.255.240 172.16.30.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set trmset1 esp-des
crypto dynamic-map map2 10 set transform-set trmset1
crypto map map1 10 ipsec-isakmp dynamic map2
crypto map map1 interface outside
isakmp enable outside
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup remote address-pool vpnpool1
vpngroup remote split-tunnel 102
vpngroup remote idle-time 1800
vpngroup remote password ********
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80
02-18-2005 11:15 AM
Try adding an IPsec "esp-md5" transform set, and also an MD5 ISAKMP hash.
You need to make sure that the PIX and the client agree on both ipsec and isakmp configs.
Can you enable logging on the client and set it to log all messages and post it here?
HTH
Mustafa
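One way to check the agreement described in the reply above, as an added example that is not part of the original thread: it parses the `isakmp policy` and `crypto ipsec transform-set` lines from the posted config and reports which ones match no client proposal. The `CLIENT_ISAKMP` and `CLIENT_IPSEC` lists and all function names are assumptions for illustration; fill the lists from what the client log shows it proposing.

```python
import re

# Crypto lines copied from the configuration posted in the question.
PIX_CONFIG = """\
crypto ipsec transform-set trmset1 esp-des
crypto dynamic-map map2 10 set transform-set trmset1
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
"""

# ASSUMPTION: placeholder proposals, not the client's documented list.
CLIENT_ISAKMP = [
    {"authentication": "pre-share", "encryption": "des", "hash": "md5", "group": "2"},
    {"authentication": "pre-share", "encryption": "3des", "hash": "sha", "group": "2"},
]
CLIENT_IPSEC = [{"esp-des", "esp-md5-hmac"}, {"esp-3des", "esp-sha-hmac"}]

def parse_isakmp_policies(config):
    """Return {policy_number: {attribute: value}} from 'isakmp policy' lines."""
    policies = {}
    for m in re.finditer(r"^isakmp policy (\d+) (\S+) (\S+)", config, re.M):
        policies.setdefault(int(m.group(1)), {})[m.group(2)] = m.group(3)
    return policies

def parse_transform_sets(config):
    """Return {set_name: set of transforms} from 'crypto ipsec transform-set' lines."""
    pattern = r"^crypto ipsec transform-set (\S+) (.+)$"
    return {m.group(1): set(m.group(2).split())
            for m in re.finditer(pattern, config, re.M)}

def unmatched_policies(policies, offers):
    """Map each policy that matches no offer to the attributes differing per offer."""
    result = {}
    for num, pol in sorted(policies.items()):
        diffs = [sorted(k for k in offer if pol.get(k) != offer[k]) for offer in offers]
        if all(diffs):  # every offer differs in at least one attribute
            result[num] = diffs
    return result

def unmatched_transform_sets(sets, offers):
    """Return names of transform sets that equal none of the offered combinations."""
    return sorted(name for name, transforms in sets.items() if transforms not in offers)

if __name__ == "__main__":
    print(unmatched_policies(parse_isakmp_policies(PIX_CONFIG), CLIENT_ISAKMP))
    print(unmatched_transform_sets(parse_transform_sets(PIX_CONFIG), CLIENT_IPSEC))
```

An empty result from both functions means every policy and transform set on the PIX has a counterpart in the supplied proposal lists.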