Multiple VPN Clients

Discussion in 'Cisco' started by Ed Russell, Feb 16, 2005.

    Ed Russell (Guest)

    I will start this by stating that I am by no means a Cisco expert so bear
    with me while I completely use the wrong terminology. I just hope I get the
    point across. We have a scenario whereby we want to establish a VPN
    connection to a PIX 501. The device is a PIX 501 running 6.3(4). The
    network that the clients come from is using a solid state NAT device. We
    are utilizing the Cisco VPN client version 4. We can always successfully
    establish the first VPN connection without issue. That part works just
    great. We can access the internal network behind the PIX. The problem is
    when I fire up the second workstation with a VPN client on it and try to
    connect. It immediately drops the first with an error 433 (reset by peer).
    I did some reading and thought I stumbled upon needing to modify the config
    of the PIX to enable NAT-T (I think anyway). I did what I thought would
    work and now from the client side in the VPN connection statistics it reads
    "Transparent tunneling active" "Tunneling port 4500 UDP" or something
    similar. However, the problem still exists. We have about 30 workstations
    behind our solid state device and of those only 3 or 4 need VPN access.
    That is why I had figured using the VPN software client should suffice.
    Will this ever work? Do I need to buy a device and put it in on the client
    side and establish the VPN from there? I would rather not as such a small
    percentage of the client side needs to access the VPN. I will paste my PIX
    config to help matters. If anyone could help I would so appreciate it. I
    have REM'd out the sensitive parts of the PIX config.

    Building configuration...
    : Saved
    :
    PIX Version 6.3(4)
    interface ethernet0 auto
    interface ethernet1 100full
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    enable password ###########
    passwd ########## encrypted
    hostname fw
    domain-name ###########
    clock timezone EST -5
    clock summer-time EDT recurring
    fixup protocol dns maximum-length 512
    fixup protocol ftp 21
    fixup protocol h323 h225 1720
    fixup protocol h323 ras 1718-1719
    fixup protocol http 80
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol sip 5060
    fixup protocol sip udp 5060
    fixup protocol skinny 2000
    fixup protocol smtp 25
    fixup protocol sqlnet 1521
    fixup protocol tftp 69
    names
    access-list inside_outbound_nat0_acl permit ip any 192.168.2.0 255.255.255.0
    access-list outside_cryptomap_dyn_20 permit ip any 192.168.2.0 255.255.255.0
    access-list source_splitTunnelAcl permit ip 192.168.1.0 255.255.255.0 any
    pager lines 24
    icmp permit any outside
    icmp permit any inside
    mtu outside 1500
    mtu inside 1500
    ip address outside ########### 255.255.255.0
    ip address inside 192.168.1.1 255.255.255.0
    ip audit info action alarm
    ip audit attack action alarm
    ip local pool sourcevpn 192.168.1.30-192.168.1.40
    pdm location ########### 255.255.0.0 outside
    pdm location ########### 255.255.0.0 outside
    pdm location ########### 255.255.255.255 outside
    pdm location 192.168.1.0 255.255.255.192 outside
    pdm location 192.168.2.0 255.255.255.0 outside
    pdm logging informational 100
    pdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 0 access-list inside_outbound_nat0_acl
    nat (inside) 1 0.0.0.0 0.0.0.0 0 0
    route outside 0.0.0.0 0.0.0.0 24.244.195.1 1
    timeout xlate 0:05:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225
    1:00:00
    timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server TACACS+ max-failed-attempts 3
    aaa-server TACACS+ deadtime 10
    aaa-server RADIUS protocol radius
    aaa-server RADIUS max-failed-attempts 3
    aaa-server RADIUS deadtime 10
    aaa-server LOCAL protocol local
    aaa authentication enable console LOCAL
    aaa authentication serial console LOCAL
    aaa authentication ssh console LOCAL
    http server enable
    http ########### 255.255.255.255 outside
    http 192.168.1.0 255.255.255.0 inside
    snmp-server location ###########
    snmp-server contact ###########
    snmp-server community ###########
    no snmp-server enable traps
    floodguard enable
    sysopt connection permit-ipsec
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-MD5
    crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
    crypto map outside_map client authentication LOCAL
    crypto map outside_map interface outside
    isakmp enable outside
    isakmp nat-traversal 20
    isakmp policy 20 authentication pre-share
    isakmp policy 20 encryption 3des
    isakmp policy 20 hash md5
    isakmp policy 20 group 2
    isakmp policy 20 lifetime 86400
    vpngroup source address-pool sourcevpn
    vpngroup source dns-server ########### ###########
    vpngroup source default-domain ###########
    vpngroup source split-tunnel source_splitTunnelAcl
    vpngroup source idle-time 1800
    vpngroup source password ********
    telnet timeout 5
    ssh ########### 255.255.0.0 outside
    ssh ########### 255.255.0.0 outside
    ssh ########### 255.255.255.255 outside
    ssh 192.168.1.0 255.255.255.0 inside
    ssh timeout 5
    console timeout 0
    dhcpd address 192.168.1.2-192.168.1.99 inside
    dhcpd dns ########### ###########
    dhcpd lease 432000
    dhcpd ping_timeout 750
    dhcpd domain ###########
    dhcpd auto_config outside
    dhcpd enable inside
    username pasword password ########### encrypted privilege 15
    username mtasker password ########### encrypted privilege 3
    username domenic password ########### encrypted privilege 15
    username keithm password ########### encrypted privilege 3
    username bmercer password ########### encrypted privilege 3
    terminal width 80
    Cryptochecksum:c04f1aaa59ec1c8cc887b48e55f65639
    : end
    [OK]

    Thank you so much for anyone that is willing to look at this for me.

    Ed Russell
     
    Ed Russell, Feb 16, 2005
    #1
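The questions in this post turn on a few lines of the configuration pasted above. The script below is an added example written for this thread, not code from the original post or from Cisco. It parses a trimmed copy of that configuration (embedded in the script; the outside address that was masked in the post is replaced with the documentation placeholder 203.0.113.2) and reports the settings a software VPN client behind a NAT device depends on: it confirms that isakmp nat-traversal and sysopt connection permit-ipsec are present, and it compares the client address pool (192.168.1.30-192.168.1.40) with the inside subnet, the dhcpd scope and the destination of the nat 0 exemption ACL, which in the pasted config is written for 192.168.2.0/24. The check names and the parse/check split are my own. The script does not diagnose the error 433; it only makes the inconsistencies in the posted configuration explicit so they can be ruled in or out while troubleshooting.

```python
"""Sanity-check the remote-access VPN parts of a PIX 6.3 configuration.

Added example for this thread, not code from the original post or from
Cisco. POSTED_CONFIG is a trimmed copy of the configuration in the post;
203.0.113.2 stands in for the outside address that was masked there.
"""
import ipaddress

POSTED_CONFIG = """\
PIX Version 6.3(4)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
access-list inside_outbound_nat0_acl permit ip any 192.168.2.0 255.255.255.0
access-list outside_cryptomap_dyn_20 permit ip any 192.168.2.0 255.255.255.0
access-list source_splitTunnelAcl permit ip 192.168.1.0 255.255.255.0 any
ip address outside 203.0.113.2 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0
ip local pool sourcevpn 192.168.1.30-192.168.1.40
global (outside) 1 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
isakmp enable outside
isakmp nat-traversal 20
vpngroup source address-pool sourcevpn
vpngroup source split-tunnel source_splitTunnelAcl
dhcpd address 192.168.1.2-192.168.1.99 inside
dhcpd enable inside
"""


def _addr_spec(tokens):
    """Consume one PIX address spec (any | host A | A MASK) from tokens."""
    t = tokens.pop(0)
    if t == "any":
        return ipaddress.IPv4Network("0.0.0.0/0")
    if t == "host":
        return ipaddress.IPv4Network(tokens.pop(0) + "/32")
    return ipaddress.IPv4Network(f"{t}/{tokens.pop(0)}", strict=False)


def _addr_range(text):
    """'A-B' -> (IPv4Address A, IPv4Address B), inclusive."""
    lo, hi = text.split("-")
    return ipaddress.IPv4Address(lo), ipaddress.IPv4Address(hi)


def parse_pix(text):
    """Extract only the PIX 6.3 statements the checks below need."""
    cfg = {"acl": {}, "pools": {}, "interfaces": {}, "vpngroup_pool": {},
           "nat0_acl": None, "nat_t_keepalive": None, "permit_ipsec": False,
           "dhcp": None}
    for raw in text.splitlines():
        tok = raw.split()
        if len(tok) < 3:
            continue
        if tok[0] == "access-list" and tok[2:4] == ["permit", "ip"]:
            rest = tok[4:]
            src, dst = _addr_spec(rest), _addr_spec(rest)
            cfg["acl"].setdefault(tok[1], []).append((src, dst))
        elif tok[:2] == ["ip", "address"] and len(tok) >= 5:
            cfg["interfaces"][tok[2]] = ipaddress.IPv4Interface(f"{tok[3]}/{tok[4]}")
        elif tok[:3] == ["ip", "local", "pool"] and len(tok) >= 5:
            cfg["pools"][tok[3]] = _addr_range(tok[4])
        elif tok[0] == "nat" and len(tok) >= 5 and tok[2:4] == ["0", "access-list"]:
            cfg["nat0_acl"] = tok[4]
        elif tok[:2] == ["isakmp", "nat-traversal"]:
            cfg["nat_t_keepalive"] = int(tok[2])
        elif tok == ["sysopt", "connection", "permit-ipsec"]:
            cfg["permit_ipsec"] = True
        elif tok[0] == "vpngroup" and len(tok) >= 4 and tok[2] == "address-pool":
            cfg["vpngroup_pool"][tok[1]] = tok[3]
        elif tok[:2] == ["dhcpd", "address"]:
            cfg["dhcp"] = _addr_range(tok[2])
    return cfg


def _overlaps(a, b):
    """True when two inclusive address ranges share at least one address."""
    return a[0] <= b[1] and b[0] <= a[1]


def check_remote_access(cfg):
    """Return {check_name: (ok, detail)}; False entries are worth a look."""
    out = {"nat_t_enabled": (cfg["nat_t_keepalive"] is not None,
                             f"isakmp nat-traversal keepalive={cfg['nat_t_keepalive']}"),
           "ipsec_bypasses_interface_acl": (cfg["permit_ipsec"],
                                            "sysopt connection permit-ipsec")}
    nat0 = cfg["acl"].get(cfg["nat0_acl"], [])
    for group, pool_name in cfg["vpngroup_pool"].items():
        pool = cfg["pools"].get(pool_name)
        if pool is None:
            out[f"{group}:pool_defined"] = (False, f"ip local pool {pool_name} missing")
            continue
        lo, hi = pool
        # Replies from inside hosts to every pool address should hit the nat 0 exemption.
        addrs = [ipaddress.IPv4Address(i) for i in range(int(lo), int(hi) + 1)]
        exempt = all(any(a in dst for _, dst in nat0) for a in addrs)
        out[f"{group}:pool_in_nat0_exemption"] = (exempt, f"{cfg['nat0_acl']} vs {lo}-{hi}")
        for ifname, iface in cfg["interfaces"].items():
            net = iface.network
            clash = _overlaps(pool, (net.network_address, net.broadcast_address))
            out[f"{group}:pool_disjoint_from_{ifname}"] = (not clash, f"{lo}-{hi} vs {net}")
        if cfg["dhcp"]:
            clash = _overlaps(pool, cfg["dhcp"])
            out[f"{group}:pool_disjoint_from_dhcp"] = (
                not clash, f"{lo}-{hi} vs {cfg['dhcp'][0]}-{cfg['dhcp'][1]}")
    return out


def audit(text=POSTED_CONFIG):
    return check_remote_access(parse_pix(text))


if __name__ == "__main__":
    for name, (ok, detail) in audit().items():
        print(f"{'OK  ' if ok else 'WARN'} {name}: {detail}")
```

Run it and read the WARN lines; to check a live box, paste the output of write terminal into POSTED_CONFIG or pass the text to audit(). On the posted configuration it reports NAT-T and the IPsec bypass as present, and flags that the pool is not covered by the nat 0 ACL and overlaps both the inside subnet and the dhcpd scope.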
