
pix506e to pix506e vpn doesn't pass all traffic

mikeysee2868, Level 1

Hi everyone,

I am having trouble configuring a PIX-to-PIX VPN as server and client. I am able to get the VPN to connect and can see data at the main location. The issue is when I try to connect to the SCO Unix host: I can't get a ping response or a telnet session going. Any help would be appreciated.

Thanks.

Mike

Below is the config:

interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password xxxxx
passwd xxxxx
hostname pixfirewall
domain-name ciscopix.com

fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol pptp 1723
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names

access-list 100 permit icmp any any echo-reply
access-list 100 permit icmp any any time-exceeded
access-list 100 permit icmp any any unreachable
access-list 100 permit icmp any host xx.xx.xx.xx
access-list 100 permit tcp any host xx.xx.xx.xx
access-list 100 permit ip any host xx.xx.xx.xx
access-list 100 permit udp any host xx.xx.xx.xx
access-list 101 permit ip 10.0.0.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list 101 permit tcp any any
access-list 101 permit udp any any
access-list 110 permit ip 10.0.0.0 255.255.255.0 192.168.1.0 255.255.255.0

pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside xx.xx.xx.xx 255.0.0.0
ip address inside 10.0.0.245 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool ippool 10.3.3.1-10.3.3.254
pdm location 10.0.0.0 255.255.255.0 inside
pdm location 10.0.0.1 255.255.255.255 inside
pdm location 10.0.0.0 255.0.0.0 inside
pdm location 192.168.1.0 255.255.255.0 outside
pdm location 10.0.0.254 255.255.255.255 inside
pdm logging informational 100
pdm history enable
arp timeout 14400

global (outside) 1 interface
nat (inside) 0 access-list 101
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) xx.xx.xx.xx 10.0.0.1 netmask 255.255.255.255 0 0
access-group 100 in interface outside
route outside 0.0.0.0 0.0.0.0 xx.xx.xx.xx 1

timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 10.0.0.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable

sysopt connection permit-ipsec
sysopt connection permit-pptp
crypto ipsec transform-set myset esp-aes esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set myset
crypto map mymap 10 ipsec-isakmp dynamic dynmap
crypto map mymap interface outside
isakmp enable outside
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption aes
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400

vpngroup mygroup address-pool ippool
vpngroup mygroup dns-server 10.0.0.1
vpngroup mygroup wins-server 10.0.0.1
vpngroup mygroup default-domain domain.com
vpngroup mygroup split-tunnel 101
vpngroup mygroup idle-time 1800
vpngroup mygroup password ********
vpngroup idle-time idle-time 1800

telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
terminal width 80
Cryptochecksum:xxxx
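With sysopt connection permit-ipsec set in the config above, decrypted tunnel traffic bypasses access-list 100, so the ACLs that still decide whether a VPN flow survives the PIX are the one behind nat (inside) 0 and the split-tunnel list. The following checker is an added example, not a tool from the thread or from Cisco: it parses a constructed excerpt of the posted config (the redacted xx.xx.xx.xx lines are left out because they do not parse as addresses), confirms that the ACLs referenced by nat 0 and split-tunnel actually permit the inside LAN to the remote LAN, and flags "permit ... any any" entries in those ACLs, which match every flow rather than only the VPN pair. LOCAL_LAN and REMOTE_LAN are taken from ACLs 101/110; everything else is an assumption of the example.

```python
"""Audit the NAT-exemption and split-tunnel ACLs of a PIX 6.x VPN config.

Added example (not the poster's own tooling): given a config excerpt, it checks
that the ACLs referenced by 'nat (inside) 0 access-list' and 'vpngroup ...
split-tunnel' actually permit LOCAL_LAN -> REMOTE_LAN, and flags 'any any'
entries in those ACLs, which match every flow rather than only the VPN pair.
"""
import ipaddress
import re

# Constructed excerpt of the config posted above; the lines with redacted
# xx.xx.xx.xx addresses are left out because they do not parse as IPs.
PIX_CONFIG = """\
access-list 101 permit ip 10.0.0.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list 101 permit tcp any any
access-list 101 permit udp any any
access-list 110 permit ip 10.0.0.0 255.255.255.0 192.168.1.0 255.255.255.0
nat (inside) 0 access-list 101
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
snmp-server community public
vpngroup mygroup split-tunnel 101
"""

LOCAL_LAN = ipaddress.ip_network("10.0.0.0/24")      # inside network in the config
REMOTE_LAN = ipaddress.ip_network("192.168.1.0/24")  # far side, from ACLs 101/110


def _endpoint(tokens):
    """Consume one ACL endpoint: 'any', 'host A.B.C.D' or 'NET MASK'."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    net = ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}", strict=False)
    return net, tokens[2:]


def parse_acls(config):
    """Return {acl_name: [(proto, src_net, dst_net), ...]} for permit entries."""
    acls = {}
    for line in config.splitlines():
        m = re.match(r"access-list (\S+) permit (\S+) (.+)", line)
        if not m:
            continue
        name, proto, rest = m.groups()
        src, rest_tokens = _endpoint(rest.split())
        dst, _ = _endpoint(rest_tokens)
        acls.setdefault(name, []).append((proto, src, dst))
    return acls


def acl_references(config):
    """Which ACLs the NAT-exemption and split-tunnel statements point at."""
    refs = {}
    for line in config.splitlines():
        m = re.match(r"nat \(\S+\) 0 access-list (\S+)", line)
        if m:
            refs["nat 0"] = m.group(1)
        m = re.match(r"vpngroup \S+ split-tunnel (\S+)", line)
        if m:
            refs["split-tunnel"] = m.group(1)
    return refs


def covers(entries, local, remote):
    """True if an 'ip' entry permits a net containing local to a net containing remote."""
    return any(p == "ip" and local.subnet_of(s) and remote.subnet_of(d)
               for p, s, d in entries)


def audit(config, local=LOCAL_LAN, remote=REMOTE_LAN):
    """Return a list of findings; an empty list means the VPN ACLs look consistent."""
    acls = parse_acls(config)
    findings = []
    for role, name in acl_references(config).items():
        entries = acls.get(name, [])
        if not covers(entries, local, remote):
            findings.append(f"{role}: ACL {name} does not permit {local} -> {remote}")
        for proto, s, d in entries:
            if s.prefixlen == 0 and d.prefixlen == 0:
                findings.append(f"{role}: ACL {name} 'permit {proto} any any' "
                                f"matches every {proto} flow, not just the VPN pair")
    if re.search(r"^snmp-server community public$", config, re.M):
        findings.append("snmp-server community is the default 'public'")
    return findings


if __name__ == "__main__":
    for f in audit(PIX_CONFIG):
        print(f)
```

Run against the excerpt, the checker confirms that ACL 101 does cover 10.0.0.0/24 to 192.168.1.0/24 (so the PIX side is not simply missing the exemption), and reports the two "any any" entries in ACL 101 under both roles plus the default SNMP community; dropping those lines makes the audit come back empty.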

1 Reply

Patrick Iseli, Level 7

Have you checked your routing table on the SCO Unix server? I once had the same issue with an SCO Unix server.

Add a default route with the remote network and the PIX as default gateway and try again. Do you have another default gateway on your SCO Unix server?

Sincerely,

Patrick
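The route check suggested in the reply above, as an added example that is not part of the thread: a longest-prefix-match lookup over a host routing table, showing that when the only route matching 192.168.1.x is a default route via some other router, the SCO host's replies never go back through the PIX, and which entry fixes it. The PIX inside address 10.0.0.245 and the remote LAN 192.168.1.0/24 come from the posted config; the routing table itself, the other router at 10.0.0.1 and the host address 10.0.0.30 are constructed assumptions, and the real route add command syntax depends on the SCO release, so the example only returns the entry to add rather than the command.

```python
"""Which gateway does the SCO host use for the remote VPN LAN?

Added example, not from the thread: a longest-prefix-match lookup over a
host routing table (constructed, netstat -rn style), to show why a host
whose only matching route is a default route via another router never sends
its replies back through the PIX, and which route entry fixes that.
"""
import ipaddress

PIX_INSIDE = "10.0.0.245"       # 'ip address inside' in the posted config
REMOTE_LAN = "192.168.1.0/24"   # far side of the tunnel, from ACLs 101/110

# Constructed table for the SCO host (assumption: its default route points at
# some other router, 10.0.0.1, and its own address is 10.0.0.30).
ROUTES_BEFORE = [
    # destination   netmask            gateway
    ("0.0.0.0",    "0.0.0.0",         "10.0.0.1"),    # default -> other router
    ("10.0.0.0",   "255.255.255.0",   "10.0.0.30"),   # directly connected LAN
    ("127.0.0.0",  "255.0.0.0",       "127.0.0.1"),   # loopback
]


def parse_routes(table):
    """Turn (dest, mask, gw) rows into (IPv4Network, IPv4Address) pairs."""
    return [(ipaddress.ip_network(f"{d}/{m}", strict=False), ipaddress.ip_address(g))
            for d, m, g in table]


def gateway_for(routes, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, gw in routes:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    return str(best[1]) if best else None


def missing_vpn_route(routes, remote_lan=REMOTE_LAN, pix_inside=PIX_INSIDE):
    """Return (network, gateway) the host still needs, or None if it already
    sends traffic for remote_lan to the PIX."""
    lan = ipaddress.ip_network(remote_lan)
    probe = str(lan.network_address + 1)      # any host on the far LAN
    if gateway_for(routes, probe) == pix_inside:
        return None
    return (str(lan), pix_inside)


def with_route(table, network, gateway):
    """The table after a 'route add' of network via gateway (new list; the real
    command syntax depends on the SCO release and is not reproduced here)."""
    net = ipaddress.ip_network(network)
    return table + [(str(net.network_address), str(net.netmask), gateway)]


if __name__ == "__main__":
    before = parse_routes(ROUTES_BEFORE)
    print("192.168.1.10 via", gateway_for(before, "192.168.1.10"))   # other router
    need = missing_vpn_route(before)
    print("route to add:", need)
    after = parse_routes(with_route(ROUTES_BEFORE, *need))
    print("192.168.1.10 via", gateway_for(after, "192.168.1.10"))    # the PIX
```

Before the route is added, a reply to a ping from 192.168.1.x follows the default route to 10.0.0.1 and never reaches the PIX, which matches the one-way symptom in the question: the request arrives through the tunnel, nothing comes back. After the 192.168.1.0/24 entry via 10.0.0.245 is present, the remote LAN is routed to the PIX while local and Internet traffic still use the connected and default routes.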