Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
234
Views
0
Helpful
1
Replies

Need help with VPN configuration

achoudh12004
Level 1
Level 1

‎02-18-2005 09:59 AM - edited ‎02-21-2020 01:37 PM

I am trying to setup a vpn connection using Cisco vpn client 4.6 and PIX 6.3. My problem is when I try to connect from the client, I get an error message says that “Unable to connect with the remote device"

My pix outside is connect to a internet router and i can ping my default gateway from the pix. I am using correct vpngroup and password on the client.

I don't know what is wrong with my config. Please help. Below is my config.

Thanks in advance.

Regards,

Asif

Pixfirewall#

: Saved

:

PIX Version 6.3(1)

interface ethernet0 auto

interface ethernet1 auto

interface ethernet2 auto

interface ethernet3 auto

interface ethernet4 auto

nameif ethernet0 outside security0

nameif ethernet1 inside security100

nameif ethernet2 dmz3 security40

nameif ethernet3 intf3 security60

nameif ethernet4 intf4 security80

hostname Pixfirewall

fixup protocol ftp 21

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol http 80

fixup protocol ils 389

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol sip 5060

fixup protocol sip udp 5060

fixup protocol skinny 2000

fixup protocol smtp 25

fixup protocol sqlnet 1521

names

access-list 102 permit ip 172.16.30.0 255.255.255.240 172.16.31.0 255.255.255.240

access-list 102 permit ip 172.16.16.16 255.255.255.240 172.16.31.0 255.255.255.240

access-list 102 permit ip 172.16.16.0 255.255.255.240 172.16.31.0 255.255.255.240

pager lines 24

mtu outside 1500

mtu inside 1500

mtu dmz3 1500

mtu intf3 1500

mtu intf4 1500

ip address outside 150.x.x.x 255.255.255.240

ip address inside 172.16.30.2 255.255.255.240

no ip address dmz3

no ip address intf3

no ip address intf4

ip audit info action alarm

ip audit attack action alarm

ip local pool vpnpool1 172.16.31.1-172.16.31.12

pdm history enable

arp timeout 14400

nat (inside) 0 access-list 102

route outside 0.0.0.0 0.0.0.0 150.x.x.x 1

route inside 172.16.16.0 255.255.255.240 172.16.30.1 1

route inside 172.16.16.16 255.255.255.240 172.16.30.1 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

aaa-server LOCAL protocol local

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

sysopt connection permit-ipsec

crypto ipsec transform-set trmset1 esp-des

crypto dynamic-map map2 10 set transform-set trmset1

crypto map map1 10 ipsec-isakmp dynamic map2

crypto map map1 interface outside

isakmp enable outside

isakmp identity address

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption des

isakmp policy 10 hash sha

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

vpngroup remote address-pool vpnpool1

vpngroup remote split-tunnel 102

vpngroup remote idle-time 1800

vpngroup remote password ********

telnet timeout 5

ssh timeout 5

console timeout 0

terminal width 80

Labels:
0 Helpful
1 Reply 1

mhussein
Level 4
Level 4

‎02-18-2005 11:15 AM

Try adding ipsec "esp-md5" transform set, and also an md5 isakmp hash.

You need to make sure that the PIX and the client agree on both ipsec and isakmp configs.

Can you enable logging on the client and set it to log all messages and post it here?

HTH

Mustafa

0 Helpful
Customers Also Viewed These Support Documents