07-19-2008 02:35 AM - edited 02-21-2020 03:50 PM
Hi All
First I would like to thank to all forum members that help me in several posts about pix 515 configuration.
I am trying to configure now a Remote access VPN with radius authentication to my corporate network, but I can't connect.
I am using cisco vpn client 5.0.03.0560., I also tested my radius server authentication from pix (inside) and is working fine.
I already tried to retype the key from cli,but i still can't get the remote access vpn to work.
I also tried to create another remote vpn with another name and local authentication but i get the same problem.
I am using pix version 8.0(3).
Can anyone help-me
I attach the log file from cisco vpn cliente to help troubleshoot the problem, as well a configuration file from pix.
Thank you so much in advance and I will be looking forward for the information.
Solved! Go to Solution.
07-21-2008 01:30 PM
07-19-2008 06:16 AM
show debug on the PIX
deb crypto isakmp 10
deb crypto ipsec 10
07-19-2008 06:47 AM
07-19-2008 07:05 AM
try to add
crypto isakmp policy 5
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
crypto isakmp nat-traversal
clear crypto isakmp sa
clear crypto ipsec sa
and try again
and show the output
deb crypto isakmp 255
07-19-2008 07:21 AM
07-19-2008 07:50 AM
did you get username and password prompt on the client?
could you test the authentication
test aaa-server authentication my_authent_grp username XXX password XXX
07-19-2008 10:05 AM
i tested aaa-server authetication from inside, and it works.
but when i use cisco vpn cliente to access to my corporate network the cliente dosen't ask the username and password for the aaa-server.
07-20-2008 02:35 AM
try to remove
no crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
clear crypto isakmp sa
07-21-2008 09:52 AM
Its working, as soon as i put the PIX Firewall Activation Key for 3des (my mistake), and change the connection to 3des as you posted (a.alekseev) the vpn start working .
The only problem i have is the following to be able to connect to my corporate network i have to use any ip address scope, if i trie to use my internel dhcp server e can't get an ip address to the vpn cliente.
07-21-2008 01:30 PM
07-23-2008 02:42 PM
Thank You for your help now pix is working fine.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide