VPN Config on PIX 515

tjgli
Level 1

Hello all,

As a total VPN newbie I tried to start the right way, so I set up a little lab with my spare PIX and tried to VPN to it from my personal computer at home...

With no luck so far ;)

I don't understand the way to configure it... even after reading several config examples...

I use PIX Version 6.3(4) and VPN client 4.0.5(B).

I started configuring the PIX using some examples but it won't work...

Can someone help me with that simple config?

I set up the FW at internet address X.X.X.106 and an FTP server @ X.X.X.107.

Tried to VPN to the FW... no luck :/

Attached are the relevant lines from the config I wrote and the different logs I got.

Thanks in advance.

3 Replies

jmia
Level 7

Jaboeuf,

You don't have any vpngroup set up for your VPN client, i.e.:

vpngroup address-pool
vpngroup dns-server
vpngroup wins-server
vpngroup default-domain
vpngroup idle-time 1800
vpngroup password

Also, if you have trouble pinging your internal client via the VPN client, then add isakmp nat-traversal to your config.

Hope this helps,

Jay

Here is an example config:

access-list NONAT permit ip Internalnet ISubnet VPN-Pool 255.255.255.0
access-list DYN-VPN-ACL permit ip Internalnet ISubnet VPN-Pool 255.255.255.0
aaa-server LOCAL protocol local
aaa authentication secure-http-client
sysopt connection permit-ipsec
crypto ipsec transform-set TRANS esp-3des esp-md5-hmac
crypto dynamic-map outside_dyn_map 20 match address DYN-VPN-ACL
crypto dynamic-map outside_dyn_map 20 set transform-set TRANS
crypto map REMOTE 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map REMOTE client authentication LOCAL
crypto map REMOTE interface outside
isakmp enable outside
isakmp identity address
isakmp nat-traversal 20
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
ip local pool VPNPool x.y.z.1-x.y.z.254
vpngroup VPNGroup address-pool VPNPool
vpngroup VPNGroup dns-server dns2 dns1
vpngroup VPNGroup default-domain localdomain
vpngroup VPNGroup idle-time 1800
vpngroup VPNGroup password grouppassword
username vpnclient password vpnclient-password

Sincerely,

Patrick
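As an added illustration (my own code, not from this thread or from Cisco): a small Python lint that applies the checks the replies make by eye to a PIX 6.3 remote-access config. It flags the missing vpngroup the original poster ran into, dangling references along the crypto map / dynamic-map / transform-set / ACL / pool chain, the absent isakmp nat-traversal that Jay mentions, and the 3DES, MD5 and DH group 2 choices in the example, which are no longer considered strong. The sample config and its addresses are constructed, and the check list is my own, not an exhaustive PIX validator.

```python
import re
# Constructed sample (not from the thread): the reply's example config with made-up
# addresses and the vpngroup lines left out, i.e. the gap Jay pointed out.
PIX_CONFIG = """\
access-list DYN-VPN-ACL permit ip 10.1.1.0 255.255.255.0 10.9.9.0 255.255.255.0
sysopt connection permit-ipsec
crypto ipsec transform-set TRANS esp-3des esp-md5-hmac
crypto dynamic-map outside_dyn_map 20 match address DYN-VPN-ACL
crypto dynamic-map outside_dyn_map 20 set transform-set TRANS
crypto map REMOTE 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map REMOTE interface outside
isakmp enable outside
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
ip local pool VPNPool 10.9.9.1-10.9.9.254
"""
VPNGROUP_FIX = "vpngroup VPNGroup address-pool VPNPool\nvpngroup VPNGroup password grouppassword\n"

def audit_pix_ra_vpn(config: str) -> list[str]:
    """Return MISSING / DANGLING / WARN findings for a PIX 6.3 remote-access VPN config."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]

    def names(pat):  # first capture group of every config line matching pat
        return {m.group(1) for l in lines if (m := re.match(pat, l))}

    out = []
    # Commands that must be present before a VPN client can connect at all.
    for pat, what in [(r"isakmp enable ", "isakmp enable <interface>"),
                      (r"sysopt connection permit-ipsec", "sysopt connection permit-ipsec"),
                      (r"crypto map \S+ interface ", "crypto map <map> interface <interface>"),
                      (r"vpngroup ", "vpngroup <name> ... (client has no group to join)")]:
        if not any(re.match(pat, l) for l in lines):
            out.append(f"MISSING: {what}")
    # Every vpngroup needs at least a pool and a group password.
    for g in sorted(names(r"vpngroup (\S+) ")):
        for kw in ("address-pool", "password"):
            if not any(l.startswith(f"vpngroup {g} {kw} ") for l in lines):
                out.append(f"MISSING: vpngroup {g} {kw}")
    # Every name used along the crypto map -> dynamic-map -> transform-set/ACL/pool chain must be defined.
    chain = [(r"crypto map \S+ \d+ ipsec-isakmp dynamic (\S+)", r"crypto dynamic-map (\S+) ", "dynamic-map"),
             (r"crypto dynamic-map \S+ \d+ set transform-set (\S+)", r"crypto ipsec transform-set (\S+) ", "transform-set"),
             (r"crypto dynamic-map \S+ \d+ match address (\S+)", r"access-list (\S+) ", "access-list"),
             (r"vpngroup \S+ address-pool (\S+)", r"ip local pool (\S+) ", "ip local pool")]
    for used, defined, kind in chain:
        for n in names(used) - names(defined):
            out.append(f"DANGLING: {kind} {n} is referenced but never defined")
    # Advisory: Jay's NAT-T tip, plus algorithms that are no longer considered strong.
    if not any(l.startswith("isakmp nat-traversal") for l in lines):
        out.append("WARN: no 'isakmp nat-traversal'; clients behind NAT may connect but pass no traffic")
    for pat, label in [(r"\b3des\b", "3DES"), (r"\bmd5\b", "MD5"), (r"\bgroup [12]$", "DH group 1/2")]:
        if any(re.search(pat, l) for l in lines if l.startswith(("crypto ipsec transform-set", "isakmp policy"))):
            out.append(f"WARN: weak algorithm in use: {label}")
    return out
```

Running it on PIX_CONFIG reports the missing vpngroup; appending VPNGROUP_FIX clears the MISSING and DANGLING findings and leaves only the WARN lines.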