pix 501 vpn

dagesh4 · ‎06-27-2004

Hi, we have a pix 501 behind a router, the outer interface of the router has a static public ip and all the other ip's are private (router inside=192.x.y.254 , pix outside=192.x.y.1 and pix inside=10.x.y.1).

When I dial a vpn connection (from xp-pro) I get to the "verify username and password" screen and after a while disconnected with 721 error.

When dialing the vpn connection I get the following on the pix's log:

Call id 16 is up on tunnel id 16

Remote Internet Address is x.x.x.x

Session username is unknown, state is estabd

Time since event change 13 secs, interface outside

Remote call id is 60198

PPP interface id is 1

0 packets sent, 0 received, 0 bytes sent, 0 received

Seq 1, Ack 0, Ack_Rcvd 0, peer RWS 64

0 out of order packets

PPP virtual interface id = 1

PPP authentication protocol is NONE

Client ip address is 10.x.y.220

Transmitted Pkts: 0, Received Pkts: 0, Error Pkts: 0

MPPE key strength is None

MPPE_Encrypt_Pkts: 0, MPPE_Encrypt_Bytes: 0

MPPE_Decrypt_Pkts: 0, MPPE_Decrypt_Bytes: 0

Rcvd_Out_Of_Seq_MPPE_Pkts: 0

The ip's in the log are correct.

I've configured the vpn through the vpn wizard in the pdm, the pix ver is 6.2

How can I overcome this error?

Thank's Dagesh

Report Inappropriate Content · ‎07-01-2004

Have you configured these statements??

access-list 101 permit tcp any host x.x.x.x eq 1723

conduit permit gre any host x.x.x.x

If not trying to configure these.

dagesh4 · ‎07-04-2004

Thanks for the reply.

I am now able to connect through the vpn (with vpn client) but I can't see any computer on the remote lan (the one I try to connect to), I get the right IP but the subnet mask is wrong - class A instead of class C with IP 10.0.0.x

I understand that the subnet mask is applied automaticaly according to the IP in the vpn pool,does it mean that I should change the IP's or subnet mask of my remote lan?

Thanks Dagesh