Velocity Reviews - Computer Hardware Reviews

PIX to PIX plus VPN Client Cisco Problem

 
 
meme (Guest)
02-11-2004
Hello all,

I configured two VPNs, one between two PIX 501s (6.3(1)) and one between a PIX
and a Cisco VPN Client 4.0.3 (C).

Well, the VPN between the PIXes works fine, while the VPN between the Cisco VPN
Client and the PIX doesn't work. The PIX assigns the IP address (from the
pool) to my remote PC, but I cannot ping the internal interface of the PIX
(192.168.50.100).

Thank you in advance for the answer.



Bye.

Meme

: Saved
: Written by enable_15 at 23:32:45.392 CEST Tue Feb 10 2004
PIX Version 6.3(1)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password *** encrypted
passwd *** encrypted
hostname test
domain-name test
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
no names
access-list 101 permit ip host 192.168.50.1 10.0.0.0 255.255.255.0
access-list 101 permit ip 192.168.50.0 255.255.255.0 192.168.50.144 255.255.255.240
access-list 104 permit udp any any eq tftp
access-list 103 permit tcp any any eq ssh
pager lines 24
icmp deny any outside
mtu outside 1500
mtu inside 1500
ip address outside *** 255.255.255.255 pppoe
ip address inside 192.168.50.100 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool vpnpool1 192.168.50.151-192.168.50.159
no pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list 101
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
route outside 0.0.0.0 0.0.0.0 *** 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
fragment chain 1
sysopt connection permit-ipsec
crypto ipsec transform-set nometrans esp-aes-256 esp-md5-hmac
crypto ipsec transform-set VpnClientSet esp-aes-256 esp-sha-hmac
crypto dynamic-map dynmap1 30 set transform-set VpnClientSet
crypto map transam 1 ipsec-isakmp
crypto map transam 1 match address 101
crypto map transam 1 set peer ***
crypto map transam 1 set transform-set nometrans
crypto map transam 20 ipsec-isakmp dynamic dynmap1
crypto map transam interface outside
isakmp enable outside
isakmp key *** address *** netmask 255.255.255.255
isakmp identity address
isakmp nat-traversal 20
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption aes-256
isakmp policy 1 hash md5
isakmp policy 1 group 5
isakmp policy 1 lifetime 1000
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption aes-256
isakmp policy 20 hash sha
isakmp policy 20 group 2
isakmp policy 20 lifetime 1000
vpngroup testg address-pool vpnpool1
vpngroup testg split-tunnel 101
vpngroup testg idle-time 1800
vpngroup testg password ***
telnet timeout 60
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 60
management-access outside
console timeout 0
vpdn group pppoe-sbc request dialout pppoe
vpdn group pppoe-sbc localname ***
vpdn group pppoe-sbc ppp authentication pap
vpdn username *** password ***
vpdn enable inside
dhcpd lease 3600
dhcpd ping_timeout 750
terminal width 100
Cryptochecksum:306eb9ab906724fdab9dffa404c4f230
: end



 
meme (Guest)
02-12-2004
More help...
I removed the site-to-site VPN configuration and the VPN between the Cisco VPN
Client and the PIX works fine; together they don't work.
Thanks a lot in advance.
Bye


> I configured two VPNs, one between two PIX 501s (6.3(1)) and one between a
> PIX and a Cisco VPN Client 4.0.3 (C).
>
> Well, the VPN between the PIXes works fine, while the VPN between the Cisco VPN
> Client and the PIX doesn't work. The PIX assigns the IP address (from the
> pool) to my remote PC, but I cannot ping the internal interface of the PIX
> (192.168.50.100).
>
> Thank you in advance for the answer.



 
GuenTech (Junior Member, Join Date: May 2009)
05-23-2009
I have the same problem.

I have an IPSec tunnel between my PIX 515E and a remote office via their ISP's VPN concentrator. With this tunnel up, my Cisco VPN clients can connect but NOT pass traffic.

I have the following related access-list entries (101 is for my VPNGroup using the Cisco VPN client. DalVPN is for my IPSec tunnel between our PIX 515E and the VPN concentrator):

access-list 101 permit ip 10.1.150.0 255.255.255.0 10.1.250.0 255.255.255.0
access-list DalVPN permit ip 10.1.150.0 255.255.255.0 10.0.1.0 255.255.255.0

IF I use:

nat (inside) 0 access-list 101

THEN my Cisco VPN clients work great, but my IPSec tunnel to Dallas dies.

IF I use:

nat (inside) 0 access-list DalVPN

THEN my IPSec tunnel to Dallas works great, but Cisco VPN clients cannot pass traffic.



What are we missing... this is very frustrating. Any ideas, anyone?

 
 
GuenTech
05-27-2009
I have solved the problem:

Added the following to my 101 access-list to exempt traffic from the NAT process:

access-list 101 permit ip 10.1.150.0 255.255.255.0 10.0.1.0 255.255.255.0

Poof! Now both the PIX-to-concentrator IPSec tunnel and the Cisco VPN clients pass data back and forth properly.
 
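Both problems in this thread come down to which traffic each access-list is asked to describe. In the first configuration, ACL 101 does three jobs at once: it is the crypto ACL of the static map entry (crypto map transam 1 match address 101), the NAT-exemption list (nat (inside) 0 access-list 101) and the split-tunnel list (vpngroup testg split-tunnel 101). Its second line, 192.168.50.0/24 to 192.168.50.144/28, covers the client pool 192.168.50.151-159, so traffic from the LAN to a connected client matches static entry 1 before dynamic entry 20 and is handed to the site-to-site peer; taking the site-to-site map out removes that overlap, which is consistent with what the second post reports. The 515E case is the mirror image: the crypto ACLs are separate, but nat (inside) 0 takes a single list, so whichever tunnel's traffic is left out of it is translated by nat (inside) 1 / global (outside) 1 interface and no longer matches its crypto ACL; the posted fix adds the missing line to the one list that nat 0 references. The following is an added example written for this thread, not configuration from either poster: it rewrites the first configuration with one ACL per role, using only the command forms already on the page. The ACL names, the pool range 192.168.51.0/28 (moved out of the 192.168.50.0/24 inside subnet so inside hosts reach clients through their default gateway rather than relying on proxy ARP) and the `:` comment lines are assumptions; peer addresses and passwords stay masked as in the original.

```cisco
: Added example, not from the thread. One access-list per role.
: Assumptions: inside LAN 192.168.50.0/24 and remote site LAN 10.0.0.0/24
: (both taken from the posted ACL 101); client pool moved to 192.168.51.0/28;
: the ACL names l2l-crypto, nonat and vpn-split are new.

: 1. Crypto ACL for the static site-to-site entry: only what the remote PIX
:    should see. Keep the client pool out of here, or LAN->client traffic
:    matches entry 1 and is sent to the site-to-site peer. The remote PIX
:    needs the mirror image of this list.
access-list l2l-crypto permit ip host 192.168.50.1 10.0.0.0 255.255.255.0

: 2. NAT exemption: every destination that must leave untranslated,
:    i.e. the remote LAN AND the client pool. nat 0 takes a single list,
:    so both tunnels' traffic has to be in this one.
access-list nonat permit ip host 192.168.50.1 10.0.0.0 255.255.255.0
access-list nonat permit ip 192.168.50.0 255.255.255.0 192.168.51.0 255.255.255.240

: 3. Split-tunnel list pushed to the client; the source side is what the
:    client tunnels. Nothing here needs to mention the remote site.
access-list vpn-split permit ip 192.168.50.0 255.255.255.0 192.168.51.0 255.255.255.240

ip local pool vpnpool1 192.168.51.1-192.168.51.14

nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
global (outside) 1 interface

crypto dynamic-map dynmap1 30 set transform-set VpnClientSet
crypto map transam 1 ipsec-isakmp
crypto map transam 1 match address l2l-crypto
crypto map transam 1 set peer ***
crypto map transam 1 set transform-set nometrans
: The dynamic entry keeps the highest sequence number; static entries are
: checked first, which is why they must not overlap the pool.
crypto map transam 20 ipsec-isakmp dynamic dynmap1
crypto map transam interface outside

vpngroup testg address-pool vpnpool1
vpngroup testg split-tunnel vpn-split
vpngroup testg idle-time 1800
vpngroup testg password ***

: Needed to reach the inside interface address itself across the tunnel.
management-access inside
```

Two checks worth making after a change like this: the remote PIX's crypto ACL must be the exact mirror of l2l-crypto (source and destination swapped), and the posted configuration has management-access outside, whereas pinging the inside interface address 192.168.50.100 across a tunnel that terminates on outside needs management-access inside on PIX 6.3 (a client can reach hosts behind the inside interface without it, but not the interface address itself).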