PIX-to-PIX vpn + remote Access VPN not working

Discussion in 'Cisco' started by Marko Uusitalo, Apr 11, 2005.

  1. Hi!

    I have two sites, A and B, connected by site-to-site VPN, and they are
    working OK. When I try to add remote access VPN for Site A so that
    users at home could use both Site A's and Site B's services and also
    connect to the net through Site A, I can't get this to work. I have tried
    doing this both with PDM and the command line. I have quite a lot of
    experience with routers, but PIXes are still somewhat of a mystery to me.
    Does anyone have any similar working configurations to share with me?

    Any help would be greatly appreciated


    Best regards


    Marko Uusitalo
     
    Marko Uusitalo, Apr 11, 2005
    #1

  2. Marko Uusitalo

    Frank Durham Guest

    Marko-

    Here is what I used to set up remote access VPN with the Cisco VPN client.

    access-list nonat permit ip 172.16.0.0 255.255.0.0 192.168.10.0 255.255.255.0
    (Access-list defining what traffic to not use NAT on)
    access-list 102 permit ip 172.16.0.0 255.255.0.0 192.168.10.0 255.255.255.0
    (Access-list defining which traffic to use split-tunneling on)
    nat (interface) 0 access-list nonat
    (Command issued to not use NAT translation through whichever interface the
    VPN traffic will flow.)

    sysopt connection permit-ipsec
    (Permits IPSEC communication through the PIX)

    crypto ipsec transform-set vpnsei esp-3des esp-md5-hmac
    (Setting up what type of encryption to use, there are many choices)
    crypto dynamic-map dynmapsei 10 set transform-set vpnsei

    crypto map vpnsei 10 ipsec-isakmp dynamic dynmapsei
    crypto map vpnsei client configuration address initiate
    crypto map vpnsei client configuration address respond

    isakmp client configuration address-pool local sei-1 internet

    vpngroup misvpn address-pool <name-of-pool>
    (The vpngroup command sets up your configuration for the VPN. Your first
    line tells which IP pool to use)
    vpngroup misvpn dns-server <xxx.xxx.xxx.xxx>
    (DNS server IP)
    vpngroup misvpn wins-server <xxx.xxx.xxx.xxx>
    (WINS server IP)
    vpngroup misvpn default-domain <whatever.com>
    (your internal domain name)
    vpngroup misvpn split-tunnel <access-list>
    (This command allows your VPN users to surf the web through their ISP and
    only use the VPN to connect to your internal servers or services)
    vpngroup misvpn split-dns <whatever.com>
    (your internal domain name. Also used in conjunction with command above)
    vpngroup misvpn idle-time 7200
    (time in seconds you want the PIX to allow a connection to sit idle)
    vpngroup misvpn password ********
    (VPN group password)

    ip local pool sei-1 192.168.10.10-192.168.10.25
    (These are the IP addresses that are assigned to the VPN clients)


    If you have any problems or more questions, send me an email at


    Frank
    "Marko Uusitalo" <> wrote in message
    news:...
    > Hi!
    >
    > I have two sites, A and B, connected by site-to-site VPN, and they are
    > working OK. When I try to add remote access VPN for Site A so that
    > users at home could use both Site A's and Site B's services and also
    > connect to the net through Site A, I can't get this to work. I have tried
    > doing this both with PDM and the command line. I have quite a lot of
    > experience with routers, but PIXes are still somewhat of a mystery to me.
    > Does anyone have any similar working configurations to share with me?
    >
    > Any help would be greatly appreciated
    >
    >
    > Best regards
    >
    >
    > Marko Uusitalo
     
    Frank Durham, Apr 11, 2005
    #2
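
The configuration in the reply above only works when its names line up: the vpngroup's address pool must exist, the pool's addresses must fall inside a destination of the access-list used by `nat (interface) 0`, and the split-tunnel access-list must be defined. The following checker is an added example, not part of the original thread or of any Cisco tool; the sample fills the post's placeholders with assumed values (interface `inside`, pool `sei-1`, ACL `102`).

```python
import ipaddress

# Constructed sample: the commands from the post above, with its placeholders
# filled by assumed values (interface "inside", pool "sei-1", ACL "102").
SAMPLE = """\
access-list nonat permit ip 172.16.0.0 255.255.0.0 192.168.10.0 255.255.255.0
access-list 102 permit ip 172.16.0.0 255.255.0.0 192.168.10.0 255.255.255.0
nat (inside) 0 access-list nonat
ip local pool sei-1 192.168.10.10-192.168.10.25
vpngroup misvpn address-pool sei-1
vpngroup misvpn split-tunnel 102
"""

def audit(config):
    """Return cross-reference problems in the remote-access part of a config."""
    acls, pools, nat0, groups = {}, {}, [], {}
    for line in config.splitlines():
        w = line.split()
        if w[:1] == ["access-list"] and w[2:4] == ["permit", "ip"] and len(w) == 8:
            # Fields 6 and 7 are the destination network and mask.
            dst = ipaddress.ip_network(f"{w[6]}/{w[7]}", strict=False)
            acls.setdefault(w[1], []).append(dst)
        elif w[:3] == ["ip", "local", "pool"] and len(w) == 5:
            lo, hi = w[4].split("-")
            pools[w[3]] = (ipaddress.ip_address(lo), ipaddress.ip_address(hi))
        elif w[:1] == ["nat"] and w[2:4] == ["0", "access-list"] and len(w) == 5:
            nat0.append(w[4])
        elif w[:1] == ["vpngroup"] and len(w) == 4:
            groups.setdefault(w[1], {})[w[2]] = w[3]
    # Destination networks exempted from NAT by any "nat (if) 0 access-list".
    exempt = [net for name in nat0 for net in acls.get(name, [])]
    problems = []
    for group, opts in groups.items():
        pool = opts.get("address-pool")
        if pool not in pools:
            problems.append(f"{group}: address-pool {pool!r} is not defined")
            continue
        lo, hi = pools[pool]
        if not any(lo in net and hi in net for net in exempt):
            problems.append(f"{group}: pool {pool} is not covered by a nat 0 access-list")
        acl = opts.get("split-tunnel")
        if acl is not None and acl not in acls:
            problems.append(f"{group}: split-tunnel access-list {acl!r} is not defined")
    return problems

if __name__ == "__main__":
    for problem in audit(SAMPLE) or ["no cross-reference problems found"]:
        print(problem)
```
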