Pocket PC vpn to PIX

Discussion in 'Cisco' started by Michael Shiah, Mar 4, 2005.

    Hi all,

    I've a PDA (Model: HP iPAQ 2410, s/w: Pocket PC 2003 Premium) and I tried to
    use the PDA to VPN to our PIX firewall (Model: 515E-R, software version: 6.3).
    Fortunately, I can connect to the PIX through the PPTP setting on the PDA. After that,
    when I tried to connect to an internal website through the VPN, no response
    was returned to me!!

    On the other hand, I can use Windows 2000 Professional's built-in VPN
    function (I use PPTP) to connect to the PIX as well as the internal website!!
    Windows 2000 works fine!!

    Could anybody tell me how I can resolve this problem with the PDA's VPN?

    The following is part of my PIX config:

    interface ethernet0 100full
    interface ethernet1 auto
    interface ethernet2 auto
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    nameif ethernet2 dmz security50
    enable password xxxxxx encrypted
    passwd xxxxxxx encrypted
    hostname KD-PIX
    domain-name xx.com
    clock timezone cst -6
    clock summer-time cdt recurring
    fixup protocol dns maximum-length 512
    fixup protocol ftp 21
    fixup protocol h323 h225 1720
    fixup protocol h323 ras 1718-1719
    fixup protocol http 80
    fixup protocol ils 389
    fixup protocol pptp 1723
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol sip 5060
    fixup protocol sip udp 5060
    fixup protocol skinny 2000
    no fixup protocol smtp 25
    fixup protocol sqlnet 1521
    fixup protocol tftp 69
    no names
    access-list acl-outside deny tcp any
    ....... a lot of access lists............

    access-list 101 permit ip
    access-list 101 permit ip
    access-list 101 permit ip
    access-list 101 permit ip
    access-list 102 permit tcp eq t
    access-list 102 permit tcp eq s
    access-list 102 permit tcp host eq
    access-list 102 permit tcp host eq
    access-list 102 permit tcp eq s
    access-list test permit ip host any
    access-list acl-dma permit tcp any any
    pager lines 24
    logging on
    logging timestamp

    logging buffered warnings
    logging facility 23
    mtu outside 1500
    mtu inside 1500
    mtu dmz 1500
    ip address outside xxx
    ip address inside xxx
    ip address dmz xxx
    ip audit info action alarm
    ip audit attack action alarm
    ip local pool vpnpool
    pdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 0 access-list 101
    nat (inside) 1 0 0
    static (dmz,outside) xxx netmask 0 0
    static (inside,dmz) netmask 0 0
    static (dmz,outside) xxx172.16.34.16 netmask 0 0
    static (inside,outside) xxx172.16.30.164 netmask 0 0
    access-group acl-outside in interface outside
    access-group acl-inside in interface inside
    access-group acl-dmz in interface dmz
    established tcp 119 0 permitto tcp 113 permitfrom tcp 0
    route outside xxx 1
    route inside 1
    route inside 1
    route inside 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225
    timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server RADIUS protocol radius
    aaa-server RADIUS (inside) host uuaiggol timeout 5
    aaa-server LOCAL protocol local
    aaa accounting match 102 outside RADIUS
    snmp-server host inside poll
    no snmp-server location
    no snmp-server contact
    snmp-server community kdpix
    no snmp-server enable traps
    floodguard enable
    sysopt connection permit-ipsec
    sysopt connection permit-pptp
    service resetinbound
    service resetoutside
    crypto ipsec transform-set myset esp-des esp-md5-hmac
    crypto dynamic-map dynmap 10 set transform-set myset
    crypto map mymap 10 ipsec-isakmp dynamic dynmap
    crypto map mymap client authentication RADIUS
    crypto map mymap interface outside
    isakmp enable outside
    isakmp key ******** address netmask
    isakmp identity address
    isakmp client configuration address-pool local vpnpool outside
    isakmp policy 10 authentication pre-share
    isakmp policy 10 encryption des
    isakmp policy 10 hash md5
    isakmp policy 10 group 2
    isakmp policy 10 lifetime 86400
    vpngroup vpn address-pool vpnpool
    vpngroup vpn dns-server
    vpngroup vpn default-domain kangdainfo.com
    vpngroup vpn split-tunnel 101
    vpngroup vpn idle-time 1800
    vpngroup vpn authentication-server RADIUS
    vpngroup vpn password ********
    telnet inside
    telnet inside
    telnet timeout 5
    ssh inside
    ssh inside
    ssh inside
    ssh timeout 5
    console timeout 0
    vpdn group PPTP accept dialin pptp
    vpdn group PPTP ppp authentication mschap
    vpdn group PPTP ppp encryption mppe 40 required
    vpdn group PPTP client configuration address local vpnpool
    vpdn group PPTP client configuration dns
    vpdn group PPTP client authentication aaa RADIUS
    vpdn group PPTP pptp echo 60
    vpdn username PPTP password *********
    vpdn enable outside
    terminal width 80
    Michael Shiah, Mar 4, 2005
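The posted config has the pieces that decide whether a client that has already brought the PPTP tunnel up can reach inside hosts: the address pool, the `nat (inside) 0 access-list 101` exemption (whose entries are elided above), the `sysopt connection permit-pptp` / `permit-ipsec` bypasses, and the `mppe 40 required` setting. The script below is an added example, not code from the post or from Cisco. It parses a PIX 6.x running-config and reports those settings, including whether the nat 0 ACL actually covers every address in the VPN pool. It assumes PIX 6.x syntax as shown in the post and PIX-style subnet masks in `permit ip` ACL lines; the sample config is constructed with RFC 5737 documentation addresses and is not the poster's config.

```python
"""Added example: extract the remote-access VPN settings from a Cisco PIX 6.x
running-config and report what decides whether a connected PPTP/IPsec client
can reach inside hosts. Not from the original post; syntax assumed from it."""
import ipaddress

# Constructed sample in the shape of the posted config (RFC 5737 addresses).
SAMPLE_CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
ip address inside 192.0.2.1 255.255.255.0
ip local pool vpnpool 198.51.100.10-198.51.100.50
access-list 101 permit ip 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0
global (outside) 1 interface
nat (inside) 0 access-list 101
nat (inside) 1 0 0
sysopt connection permit-ipsec
sysopt connection permit-pptp
vpngroup vpn address-pool vpnpool
vpngroup vpn split-tunnel 101
vpdn group PPTP accept dialin pptp
vpdn group PPTP ppp authentication mschap
vpdn group PPTP ppp encryption mppe 40 required
vpdn group PPTP client configuration address local vpnpool
vpdn enable outside
"""

# Same constructed config with the NAT exemption removed: tunnel comes up,
# but inside replies to pool addresses fall through to nat (inside) 1 PAT.
NO_NAT0_CONFIG = SAMPLE_CONFIG.replace("nat (inside) 0 access-list 101\n", "")


def parse_config(text):
    """Collect pools, nat 0 bindings, 'permit ip' ACL entries, sysopts, vpdn lines."""
    cfg = {"pools": {}, "nat0": {}, "acls": {}, "sysopt": set(), "vpdn": {}}
    for raw in text.splitlines():
        f = raw.split()
        if not f:
            continue
        if f[:3] == ["ip", "local", "pool"] and len(f) == 5:
            lo, hi = f[4].split("-")
            cfg["pools"][f[3]] = (ipaddress.ip_address(lo), ipaddress.ip_address(hi))
        elif f[0] == "nat" and len(f) >= 5 and f[2] == "0" and f[3] == "access-list":
            cfg["nat0"][f[1].strip("()")] = f[4]          # interface -> ACL name
        elif f[0] == "access-list" and len(f) == 8 and f[2:4] == ["permit", "ip"]:
            # PIX 6.x ACLs take real subnet masks, not IOS wildcard masks
            src = ipaddress.ip_network(f"{f[4]}/{f[5]}", strict=False)
            dst = ipaddress.ip_network(f"{f[6]}/{f[7]}", strict=False)
            cfg["acls"].setdefault(f[1], []).append((src, dst))
        elif f[:2] == ["sysopt", "connection"] and len(f) == 3:
            cfg["sysopt"].add(f[2])
        elif f[:2] == ["vpdn", "group"] and len(f) > 3:
            cfg["vpdn"].setdefault(f[2], []).append(" ".join(f[3:]))
    return cfg


def nat_exemption_covers_pool(cfg, iface="inside", pool="vpnpool"):
    """True when the nat 0 ACL bound to iface has a 'permit ip' entry whose
    destination contains the whole pool, so inside hosts' replies to VPN
    clients bypass nat (inside) 1 / global (outside) 1 interface PAT."""
    acl = cfg["nat0"].get(iface)
    if acl is None or pool not in cfg["pools"]:
        return False
    lo, hi = cfg["pools"][pool]
    return any(lo in dst and hi in dst for _src, dst in cfg["acls"].get(acl, []))


def pptp_requirements(cfg, group="PPTP"):
    """What a PPTP client must negotiate with this vpdn group."""
    lines = cfg["vpdn"].get(group, [])
    auth = [l.split()[-1] for l in lines if l.startswith("ppp authentication ")]
    mppe = None
    for l in lines:
        f = l.split()                     # e.g. ppp encryption mppe 40 required
        if f[:3] == ["ppp", "encryption", "mppe"]:
            mppe = {"bits": f[3], "required": len(f) > 4 and f[4] == "required"}
    return {"auth": auth, "mppe": mppe}


def review(text):
    """Human-readable findings about the remote-access part of a config."""
    cfg = parse_config(text)
    out = [f"pool {n}: {lo}-{hi}" for n, (lo, hi) in cfg["pools"].items()]
    if nat_exemption_covers_pool(cfg):
        out.append("nat 0 ACL exempts inside->vpnpool traffic from PAT")
    else:
        out.append("no nat 0 exemption covers vpnpool: inside replies to VPN "
                   "clients fall through to nat (inside) 1 and are PATed")
    for s in ("permit-pptp", "permit-ipsec"):
        state = "set" if s in cfg["sysopt"] else "missing (outside ACL applies)"
        out.append(f"sysopt connection {s}: {state}")
    req = pptp_requirements(cfg)
    out.append(f"PPTP auth {req['auth']}, MPPE {req['mppe']}")
    if req["mppe"] and req["mppe"]["required"]:
        out.append(f"a client that cannot negotiate MPPE-{req['mppe']['bits']} "
                   "does not get past CCP and is dropped")
    if "mschap" in req["auth"] or (req["mppe"] and req["mppe"]["bits"] == "40"):
        out.append("MS-CHAP with 40-bit MPPE is legacy crypto; prefer the IPsec group")
    return out


if __name__ == "__main__":
    for line in review(SAMPLE_CONFIG):
        print(line)
```

Run it against a sanitized `write terminal` output. The interesting comparison for a "tunnel up, nothing inside answers" symptom is the nat 0 coverage line: if the elided `access-list 101` entries do not include the whole `vpnpool` range as destination, inside replies to the client are PATed by `nat (inside) 1` and never return through the tunnel, which the script reports as in `NO_NAT0_CONFIG`.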
