01-08-2003 10:03 AM - edited 02-21-2020 12:16 PM
Hello,
I have a problem in our firm with a PIX515 and the VPN client from a notebook via GPRS. The connection is established but I cannot ping to the PIX or from the PIX to the client.
Can you help me, please?
access-list 101 permit ip 192.168.254.0 255.255.255.0 192.168.100.0 255.255.255.0
access-list 101 permit ip 10.186.0.0 255.255.0.0 192.168.100.0 255.255.255.0
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto
interface ethernet3 auto
mtu outside 1500
mtu inside 1500
mtu dmz 1500
mtu fw1 1500
ip address inside 192.168.254.1 255.255.255.252
ip local pool vpnpool 192.168.100.1-192.168.100.5
nat (inside) 0 access-list 101
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
sysopt connection permit-ipsec
no sysopt route dnat
crypto ipsec transform-set vpnset esp-des esp-md5-hmac
crypto ipsec transform-set vpnset mode transport
crypto dynamic-map dynmap 10 set transform-set vpnset
crypto map vpnmap 10 ipsec-isakmp dynamic dynmap
crypto map vpnmap interface outside
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup vpn35 address-pool vpnpool
vpngroup vpn35 dns-server 213.235.163.193
vpngroup vpn35 wins-server 10.186.33.2
vpngroup vpn35 default-domain sntcr.cz
vpngroup vpn35 split-tunnel 101
vpngroup vpn35 idle-time 1800
vpngroup vpn35 password ********
01-08-2003 10:27 AM
Hi David,
Your PIX configuration looks good as far as VPN is concerned. You may be running into some routing issue.
Once the tunnel is established, ping something inside the PIX firewall from the VPN client. You should see encrypts on the client and decrypts on the PIX firewall (sh cry ip sa). If this is the case, you are running into some routing issues towards the PIX firewall. But if you are seeing decrypts as well as encrypts on the PIX (sh cry ip sa), then you might be running into some filtering issues between the PIX and the VPN client.
Jazib
01-08-2003 10:50 AM
Now I am connecting to the PIX and pinging. On the client I see that all packets are discarded. On the PIX I see 0 encrypts, 0 decrypts..?? :-(
We have a Cisco 2620 between the PIX and the client. Can the problem be there?
David
01-08-2003 03:01 PM
If you are not seeing any encrypts on the client, then it sounds like your VPN client is not intercepting the packets properly. In the stats screen on the VPN client, do you see a small yellow key next to 0.0.0.0 route?
Jazib
01-09-2003 01:25 AM
In the list of routes on the VPN client I have approx. ten routes, but only two routes have a yellow key. When I ping on a route with a yellow key I see encrypted packets, but on the others without a yellow key the packets are discarded. Why do I have a yellow key on only two routes out of ten?
Thank you
David
01-09-2003 06:01 AM
And next to the default route 0.0.0.0 I do not have a yellow key... :-((
David
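Added example, not part of the original thread or any poster's code: a Python script that reads the relevant lines of the configuration posted above and lists the networks named by the ACL referenced in `vpngroup vpn35 split-tunnel 101`. It assumes that, with split tunnelling, the client encrypts only traffic to the source networks of that ACL; the function names are hypothetical.

```python
import ipaddress
import re

# Lines copied from the configuration posted in the thread.
CONFIG = """\
access-list 101 permit ip 192.168.254.0 255.255.255.0 192.168.100.0 255.255.255.0
access-list 101 permit ip 10.186.0.0 255.255.0.0 192.168.100.0 255.255.255.0
ip local pool vpnpool 192.168.100.1-192.168.100.5
vpngroup vpn35 address-pool vpnpool
vpngroup vpn35 split-tunnel 101
"""

# Only the "permit ip <net> <mask> <net> <mask>" form used in the post is
# handled; "host" and "any" keywords are outside this example's scope.
ACL_RE = re.compile(r"^access-list (\S+) permit ip (\S+) (\S+) (\S+) (\S+)$")
SPLIT_RE = re.compile(r"^vpngroup (\S+) split-tunnel (\S+)$")


def secured_networks(config, group):
    """Return the source networks of the group's split-tunnel ACL, or None
    when the group has no split-tunnel line (assumed: everything tunnelled)."""
    acls, split_acl = {}, None
    for line in config.splitlines():
        line = line.strip()
        m = ACL_RE.match(line)
        if m:
            net = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}")
            acls.setdefault(m.group(1), []).append(net)
            continue
        m = SPLIT_RE.match(line)
        if m and m.group(1) == group:
            split_acl = m.group(2)
    if split_acl is None:
        return None
    return acls.get(split_acl, [])


def is_tunnelled(config, group, destination):
    """True if traffic to `destination` falls inside a secured network."""
    nets = secured_networks(config, group)
    if nets is None:
        return True
    addr = ipaddress.ip_address(destination)
    return any(addr in net for net in nets)


if __name__ == "__main__":
    print("secured:", [str(n) for n in secured_networks(CONFIG, "vpn35")])
    for dst in ("192.168.254.1", "10.186.33.2", "213.235.163.193"):
        print(dst, "tunnelled" if is_tunnelled(CONFIG, "vpn35", dst) else "not tunnelled")
```

The two networks it returns correspond to the two access-list 101 entries; the DNS server 213.235.163.193 configured for the vpngroup falls outside both.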