
Pocket PC vpn to PIX

Michael Shiah
Hi all,

I have a PDA (model: HP iPAQ 2410, s/w: Pocket PC 2003 Premium) and I tried to
use the PDA to VPN to our PIX firewall (model: 515E-R, software version: 6.3).
Fortunately, I can connect to the PIX through the PPTP setting on the PDA. After
that, when I tried to connect to an internal website through the VPN, I got no
response!!

On the other hand, I can use Windows 2000 Professional's built-in VPN
function (I use PPTP) to connect to the PIX as well as the internal website!!
Windows 2000 works fine!!

Could anybody tell me how I can resolve this problem with the PDA's VPN?

The following is part of my PIX config:

interface ethernet0 100full
interface ethernet1 auto
interface ethernet2 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
enable password xxxxxx encrypted
passwd xxxxxxx encrypted
hostname KD-PIX
clock timezone cst -6
clock summer-time cdt recurring
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol pptp 1723
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
no names
access-list acl-outside deny tcp any
....... a lot of access lists............

access-list 101 permit ip
access-list 101 permit ip
access-list 101 permit ip
access-list 101 permit ip
access-list 102 permit tcp eq t
access-list 102 permit tcp eq s
access-list 102 permit tcp host eq
access-list 102 permit tcp host eq
access-list 102 permit tcp eq s
access-list test permit ip host any
access-list acl-dma permit tcp any any
pager lines 24
logging on
logging timestamp
logging buffered warnings
logging facility 23
mtu outside 1500
mtu inside 1500
mtu dmz 1500
ip address outside xxx
ip address inside xxx
ip address dmz xxx
ip audit info action alarm
ip audit attack action alarm
ip local pool vpnpool
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list 101
nat (inside) 1 0 0
static (dmz,outside) xxx netmask 0 0
static (inside,dmz) netmask 0 0
static (dmz,outside) xxx172.16.34.16 netmask 0 0
static (inside,outside) xxx172.16.30.164 netmask 0 0
access-group acl-outside in interface outside
access-group acl-inside in interface inside
access-group acl-dmz in interface dmz
established tcp 119 0 permitto tcp 113 permitfrom tcp 0
route outside xxx 1
route inside 1
route inside 1
route inside 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server RADIUS (inside) host uuaiggol timeout 5
aaa-server LOCAL protocol local
aaa accounting match 102 outside RADIUS
snmp-server host inside poll
no snmp-server location
no snmp-server contact
snmp-server community kdpix
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
sysopt connection permit-pptp
service resetinbound
service resetoutside
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set myset
crypto map mymap 10 ipsec-isakmp dynamic dynmap
crypto map mymap client authentication RADIUS
crypto map mymap interface outside
isakmp enable outside
isakmp key ******** address netmask
isakmp identity address
isakmp client configuration address-pool local vpnpool outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup vpn address-pool vpnpool
vpngroup vpn dns-server
vpngroup vpn default-domain
vpngroup vpn split-tunnel 101
vpngroup vpn idle-time 1800
vpngroup vpn authentication-server RADIUS
vpngroup vpn password ********
telnet inside
telnet inside
telnet timeout 5
ssh inside
ssh inside
ssh inside
ssh timeout 5
console timeout 0
vpdn group PPTP accept dialin pptp
vpdn group PPTP ppp authentication mschap
vpdn group PPTP ppp encryption mppe 40 required
vpdn group PPTP client configuration address local vpnpool
vpdn group PPTP client configuration dns
vpdn group PPTP client authentication aaa RADIUS
vpdn group PPTP pptp echo 60
vpdn username PPTP password *********
vpdn enable outside
terminal width 80
