
Remote access VPN not working on PIX version 8.0(4), Hardware: PIX-515E

Neeraj Patial
Level 1

Hi Friends,

I am new to the PIX firewall and need some help. I have configured remote access VPN on the PIX firewall, but when I try to connect from the VPN client it's not working and shows the error "remote peer is no longer responding". Attaching the config for understanding; any help would be appreciated, as I am going mad with this.

Note: Here I am using a self certificate.

PIX Hardware:-

# show version

Cisco PIX Security Appliance Software Version 8.0(4)
Device Manager Version 6.1(5)51

Compiled on Thu 07-Aug-08 19:42 by builders
System image file is "flash:/pix804.bin"
Config file at boot was "startup-config"

nc-edu-gw0 up 6 days 18 hours

Hardware: PIX-515E, 256 MB RAM, CPU Pentium II 433 MHz
Flash E28F128J3 @ 0xfff00000, 16MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB

I have two interfaces, Local and WAN.

7 Replies

You haven't referenced the trustpoint under the Odessa remote-access tunnel-group. 

tunnel-group Odessa type remote-access
tunnel-group Odessa general-attributes
 address-pool Odessa-NW
 default-group-policy Odessa

Try adding the trustpoint to the Odessa tunnel-group and then test.

--

Please remember to select a correct answer and rate helpful posts


Hi Marius,

The trust-point is already added in the Odessa group. Any other suggestion, as it's still not working?

tunnel-group Odessa type remote-access
tunnel-group Odessa general-attributes
 address-pool Odessa-NW
 default-group-policy Odessa
tunnel-group Odessa ipsec-attributes
 trust-point ASDM_TrustPoint0

My PIX is a 515 with version 8.0(4) and has NAT-CONTROL enabled.

Does the NAT below cause an issue connecting the VPN?

global (wan) 1 interface

As VPN users are coming from the wan interface. Thanks.

Do you have the root certificate (in the CA certificate) and an identity certificate installed on the ASA?

Also, is an identity certificate issued by the root CA installed on the PC?

--

Please remember to select a correct answer and rate helpful posts


Hi Marius,

I am using a self-signed certificate as the identity certificate.

Is it necessary that it be installed on the PC?

I created a walkthrough on getting this to work using the ASA as a CA (see attached PDF).  My ASA version is 9.4(2) so there might be some differences since you are running 8.0(4).  Hope it helps.

--

Please remember to select a correct answer and rate helpful posts


Hi Marius,

The issue has been resolved. Initially I was doing the wrong config in the VPN client.

I was creating a certificate on the PIX firewall, and at the VPN client end I was using user name and password authentication, so it was wrong.

Now I have created a pre-shared key, and at the VPN client end in authentication I have used the group name and the PSK as the password, and it's working.

Thanks for your time.
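
Added example, not part of the original thread or the poster's attached config: a small Python check that reads PIX/ASA 8.0-style configuration text and reports, per tunnel-group, whether the headend can accept a group name plus pre-shared key or a client certificate, which is the mismatch resolved above. The sample configs, the ISAKMP policy lines and the key are constructed for illustration.

```python
import re

# Constructed sample (not the poster's attached config): the tunnel-group
# lines mirror the thread; the ISAKMP policy is assumed for illustration.
CERT_ONLY = """\
crypto isakmp policy 10
 authentication rsa-sig
tunnel-group Odessa type remote-access
tunnel-group Odessa ipsec-attributes
 trust-point ASDM_TrustPoint0
"""
# Same group after the change described in the thread; the key is a placeholder.
WITH_PSK = """\
crypto isakmp policy 10
 authentication pre-share
tunnel-group Odessa type remote-access
tunnel-group Odessa ipsec-attributes
 pre-shared-key EXAMPLE-KEY
"""

def sections(config):
    """Group indented sub-commands under their top-level config line."""
    out, head = {}, None
    for line in config.splitlines():
        if not line.strip():
            continue
        if line[0].isspace() and head:
            out[head].append(line.split())
        elif not line[0].isspace():
            head = line.strip()
            out.setdefault(head, [])
    return out

def accepted_client_auth(config):
    """Per tunnel-group, the IKEv1 client credentials the config can accept."""
    secs = sections(config)
    # Authentication methods named explicitly in any ISAKMP policy.
    offered = {w[1] for h, body in secs.items()
               if h.startswith("crypto isakmp policy ")
               for w in body if w[0] == "authentication" and len(w) > 1}
    result = {}
    for head, body in secs.items():
        m = re.fullmatch(r"tunnel-group (\S+) ipsec-attributes", head)
        if not m:
            continue
        keys = {w[0] for w in body}
        methods = set()
        if "pre-shared-key" in keys and "pre-share" in offered:
            methods.add("group-psk")      # client: group name + PSK
        if "trust-point" in keys and "rsa-sig" in offered:
            methods.add("certificate")    # client: certificate from a trusted CA
        result[m.group(1)] = methods
    return result
```

An empty set for a group means no ISAKMP policy matches the credential type configured on that tunnel-group, so no client setting will complete phase 1.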