Re: Not able to Create remote access VPN in PIX through ASDM

sudhir.rai · ‎11-08-2010

Dear All,

I am trying to create remote access VPN in pix 535 through ASDM , but i am unable to do so.

I have done all the required config ( creating group policies, creating client address pool nat exempt this ip with my internal ip , acl , and binding it....

but still not able to create tunnel .

Firewall details are :

PIX 535
pix version 8.0(4) 32
ASDM 6.1(5)51

Please share the link or doc if you can on how to create remote access VPN in pix 535 via ASDM

Jitendriya Athavale · ‎11-08-2010

this should help

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008060f25c.shtml

sudhir.rai · ‎11-09-2010

There already few user who are using their VPN . However for one specific user i am unable to create remote access vpn

config done on firewall is

lanuser_nat0_outbound extended permit ip host 10.14.0.100 172.25.21.0 255.255.255.252
!

access-list rsudhir extended permit tcp 172.25.21.0 255.255.255.252 host 10.14.0.100 eq 3389

!

ip local pool rsudhir 172.25.21.1-172.25.21.2 mask 255.255.255.252
!

group-policy rsudhir internal
group-policy rsudhir attributes
vpn-filter value rsudhir

!

username sudhir password jCI1hKrjGVOqlHSR encrypted privilege 15
username sudhir attributes
group-lock value rsudhir

!

tunnel-group rsudhir type remote-access
tunnel-group rsudhir general-attributes
address-pool rsudhir
default-group-policy rsudhir
tunnel-group rsudhir ipsec-attributes
pre-shared-key *

praprama · ‎11-09-2010

Hi,

Please run the debugs debug cry isa 127 and debug crypto ips 127 and then try to connect and forward those debugs across.

Also, try removing the group-lock from the username attributes section and see if it helps in connecting.

Regards,

Prapanch