Pocket PC vpn to PIX

 
 
Michael Shiah
03-04-2005
Hi all,

I have a PDA (Model: HP iPAQ 2410, s/w: Pocket PC 2003 Premium) and I tried to
use the PDA to VPN to our PIX firewall (Model: 515E-R, software version: 6.3).
Fortunately, I can connect to the PIX through the PPTP setting on the PDA. After that,
when I tried to connect to an internal website through the VPN, I got no
response!!

On the other hand, I can use Windows 2000 Professional's built-in VPN
function (I use PPTP) to connect to the PIX as well as the internal website!!
Windows 2000 works fine!!

Could anybody tell me how I can resolve this problem with the PDA's VPN?

The following is part of my PIX config:

interface ethernet0 100full
interface ethernet1 auto
interface ethernet2 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
enable password xxxxxx encrypted
passwd xxxxxxx encrypted
hostname KD-PIX
domain-name xx.com
clock timezone cst -6
clock summer-time cdt recurring
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol pptp 1723
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
no names
access-list acl-outside deny tcp 67.92.140.0 255.255.255.0 any
....... a lot of access lists............

access-list 101 permit ip 172.16.30.0 255.255.255.0 172.16.39.0 255.255.255.0
access-list 101 permit ip 172.16.31.0 255.255.255.0 172.16.39.0 255.255.255.0
access-list 101 permit ip 172.16.32.0 255.255.255.0 172.16.39.0 255.255.255.0
access-list 101 permit ip 172.16.40.0 255.255.255.0 172.16.39.0 255.255.255.0
access-list 102 permit tcp 172.16.39.0 255.255.255.0 172.16.0.0 255.255.0.0 eq telnet
access-list 102 permit tcp 172.16.39.0 255.255.255.0 172.16.0.0 255.255.0.0 eq ssh
access-list 102 permit tcp 172.16.39.0 255.255.255.0 host 172.16.34.11 eq www
access-list 102 permit tcp 172.16.39.0 255.255.255.0 host 172.16.30.11 eq www
access-list 102 permit tcp 172.16.39.0 255.255.255.0 172.16.0.0 255.255.0.0 eq sqlnet
access-list test permit ip host 211.134.188.188 any
access-list acl-dma permit tcp any any
pager lines 24
logging on
logging timestamp
logging buffered warnings
logging facility 23
mtu outside 1500
mtu inside 1500
mtu dmz 1500
ip address outside xxx 255.255.255.248
ip address inside xxx 255.255.255.0
ip address dmz xxx 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool vpnpool 172.16.39.1-172.16.39.254
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list 101
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (dmz,outside) xxx 172.16.34.11 netmask 255.255.255.255 0 0
static (inside,dmz) 172.16.30.0 172.16.30.0 netmask 255.255.255.0 0 0
static (dmz,outside) xxx 172.16.34.16 netmask 255.255.255.255 0 0
static (inside,outside) xxx 172.16.30.164 netmask 255.255.255.255 0 0
access-group acl-outside in interface outside
access-group acl-inside in interface inside
access-group acl-dmz in interface dmz
established tcp 119 0 permitto tcp 113 permitfrom tcp 0
route outside 0.0.0.0 0.0.0.0 xxx 1
route inside 172.16.31.0 255.255.255.0 172.16.30.254 1
route inside 172.16.32.0 255.255.255.0 172.16.30.254 1
route inside 172.16.40.0 255.255.255.0 172.16.30.254 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server RADIUS (inside) host 172.16.40.123 uuaiggol timeout 5
aaa-server LOCAL protocol local
aaa accounting match 102 outside RADIUS
snmp-server host inside 172.16.40.123 poll
no snmp-server location
no snmp-server contact
snmp-server community kdpix
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
sysopt connection permit-pptp
service resetinbound
service resetoutside
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set myset
crypto map mymap 10 ipsec-isakmp dynamic dynmap
crypto map mymap client authentication RADIUS
crypto map mymap interface outside
isakmp enable outside
isakmp key ******** address 0.0.0.0 netmask 0.0.0.0
isakmp identity address
isakmp client configuration address-pool local vpnpool outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup vpn address-pool vpnpool
vpngroup vpn dns-server 172.16.30.12
vpngroup vpn default-domain kangdainfo.com
vpngroup vpn split-tunnel 101
vpngroup vpn idle-time 1800
vpngroup vpn authentication-server RADIUS
vpngroup vpn password ********
telnet 172.16.40.123 255.255.255.255 inside
telnet 172.16.34.11 255.255.255.255 inside
telnet timeout 5
ssh 172.16.40.123 255.255.255.255 inside
ssh 172.16.30.0 255.255.255.0 inside
ssh 172.16.39.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
vpdn group PPTP accept dialin pptp
vpdn group PPTP ppp authentication mschap
vpdn group PPTP ppp encryption mppe 40 required
vpdn group PPTP client configuration address local vpnpool
vpdn group PPTP client configuration dns 172.16.30.12
vpdn group PPTP client authentication aaa RADIUS
vpdn group PPTP pptp echo 60
vpdn username PPTP password *********
vpdn enable outside
terminal width 80


 