10-15-2004 11:46 AM
Hi,
I have attached the following config for my PIX. I cannot connect using VPN Client 4.0.1. Any ideas?
Thanks
10-15-2004 12:15 PM
Looks good, but your keepalives are shorter than the default and you have configured some more lines.
See my template for 6.3.x:
fixup protocol esp-ike
access-list NONAT permit ip Internalnet ISubnet VPN-Pool 255.255.255.0
access-list DYN-VPN-ACL permit ip Internalnet ISubnet VPN-Pool 255.255.255.0
aaa-server LOCAL protocol local
aaa authentication secure-http-client
sysopt connection permit-ipsec
crypto ipsec transform-set TRANS esp-3des esp-md5-hmac
crypto dynamic-map outside_dyn_map 20 match address DYN-VPN-ACL
crypto dynamic-map outside_dyn_map 20 set transform-set TRANS
crypto map REMOTE 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map REMOTE client authentication LOCAL
crypto map REMOTE interface outside
isakmp enable outside
isakmp identity address
isakmp nat-traversal 20
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
ip local pool VPNPool x.y.z.1-x.y.z.254
vpngroup VPNGroup address-pool VPNPool
vpngroup VPNGroup dns-server dns2 dns1
vpngroup VPNGroup default-domain localdomain
vpngroup VPNGroup idle-time 1800
vpngroup VPNGroup password grouppassword
username vpnclient password vpnclient-password
Sincerely,
Patrick
10-18-2004 08:48 AM
Thanks, Patrick, for your template. The issue was with the following command in my config: "isakmp policy 1 group 1". VPN Client 3.0 and later needs group 2. Once I changed that, I was OK. Thanks again.
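
The check this thread ended on, as an added example (not code from any of the posts): a Python script that reads the "isakmp policy" lines of a PIX config and reports which policies offer Diffie-Hellman group 2. The sample config is constructed, and treating a policy with no group line as group 1 is an assumption about the PIX 6.x default.

```python
import re

# Constructed sample: non-policy lines are ignored; policy 20 has no group line.
SAMPLE_CONFIG = """\
isakmp enable outside
isakmp policy 1 authentication pre-share
isakmp policy 1 group 1
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 group 2
isakmp policy 20 encryption 3des
"""

POLICY_RE = re.compile(r"^\s*isakmp policy (\d+) (\S+) (\S+)\s*$")
REQUIRED_GROUP = "2"  # per the thread: VPN Client 3.0 and later needs group 2
DEFAULT_GROUP = "1"   # assumption: PIX 6.x uses group 1 when none is configured

def parse_isakmp_policies(config_text):
    """Return {priority: {attribute: value}} for every 'isakmp policy' line."""
    policies = {}
    for line in config_text.splitlines():
        m = POLICY_RE.match(line)
        if m:
            prio, attr, value = m.groups()
            policies.setdefault(int(prio), {})[attr] = value
    return policies

def check_client_group(config_text):
    """Return (usable, findings): priorities offering group 2, and notes on the rest."""
    usable, findings = [], []
    for prio, attrs in sorted(parse_isakmp_policies(config_text).items()):
        group = attrs.get("group", DEFAULT_GROUP)
        if group == REQUIRED_GROUP:
            usable.append(prio)
        else:
            how = "configured" if "group" in attrs else "default"
            findings.append(f"policy {prio}: group {group} ({how}), client needs group {REQUIRED_GROUP}")
    if not usable:
        findings.append("no isakmp policy offers group 2; VPN Client 3.0+ has nothing to match")
    return usable, findings

if __name__ == "__main__":
    usable, findings = check_client_group(SAMPLE_CONFIG)
    print("usable policies:", usable)
    for finding in findings:
        print("FINDING:", finding)
```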