PIX 501 & VPN

I am not a CCSP and I do not have PIX experience - I am learning while I work. How can I create a VPN server (PIX1)? I tried so many things, but I cannot manage this.

Remote office
IP address Outside = 100.100.100.100
IP address inside = 10.0.0.254

access-list 90 permit ip 192.168.1.0 255.255.255.0 10.0.0.0 255.255.255.0
access-list ASCD permit ip 192.168.1.0 255.255.255.0 10.0.0.0 255.255.255.0
nat (inside) 0 access-list 90
sysopt connection permit-ipsec
crypto ipsec transform-set Pix2Pix esp-3des esp-sha-hmac
crypto map toRemote 20 ipsec-isakmp
crypto map toRemote 20 match address ASCD
crypto map toRemote 20 set peer 90.90.90.90
crypto map toRemote 20 set transform-set Pix2Pix
crypto map toRemote interface outside
isakmp enable outside
isakmp key ****** address 90.90.90.90 netmask 255.255.255.255
isakmp policy 9 authentication pre-share
isakmp policy 9 encryption 3des

Remote office
IP address Outside = 90.90.90.90
IP address inside = 10.0.0.254

access-list 80 permit ip 10.0.0.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list MSPC permit ip 10.0.0.0 255.255.255.0 192.168.1.0 255.255.255.0
nat 0 access-list 80
sysopt connection permit-ipsec
crypto ipsec transform-set Pix2Pix esp-3des esp-sha-hmac
crypto map toOffice 10 ipsec-isakmp
crypto map toOffice 10 match address MSPC
crypto map toOffice 10 set peer 100.100.100.100
crypto map toOffice 10 set transform-set Pix2Pix
crypto map toOffice interface outside
isakmp enable outside
isakmp key ****** address 100.100.100.100 netmask 255.255.255.255
isakmp policy 8 authentication pre-share
isakmp policy 8 encryption 3des
Reply to
Robert

Dzien Dobre,

For the sake of your example, here it goes:

HQ OFFICE
IP address Outside = 100.100.100.100
IP address inside = 192.168.0.254

access-list 90 permit ip 192.168.1.0 255.255.255.0 10.0.0.0 255.255.255.0
access-list ASCD permit ip 192.168.1.0 255.255.255.0 10.0.0.0 255.255.255.0

crypto ipsec transform-set Pix2Pix esp-3des esp-sha-hmac

crypto map toRemote 20 ipsec-isakmp
crypto map toRemote 20 match address ASCD
crypto map toRemote 20 set peer 90.90.90.90
crypto map toRemote 20 set transform-set Pix2Pix
crypto map toRemote interface outside

isakmp enable outside
isakmp key PASSWORD address 90.90.90.90 netmask 255.255.255.255

isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400

sysopt connection permit-ipsec

REMOTE OFFICE
IP address Outside = 90.90.90.90
IP address inside = 10.0.0.254

access-list 80 permit ip 10.0.0.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list MSPC permit ip 10.0.0.0 255.255.255.0 192.168.1.0 255.255.255.0

crypto ipsec transform-set Pix2Pix esp-3des esp-sha-hmac

crypto map toOffice 20 ipsec-isakmp
crypto map toOffice 20 match address MSPC
crypto map toOffice 20 set peer 100.100.100.100
crypto map toOffice 20 set transform-set Pix2Pix
crypto map toOffice interface outside

isakmp enable outside
isakmp key PASSWORD address 100.100.100.100 netmask 255.255.255.255

isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400

sysopt connection permit-ipsec

Julian Dragut

Reply to
Julian Dragut
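
Added example (not part of the thread and not any poster's code): a Python sketch that checks what the two site-to-site configs in the reply above have to agree on, namely mirrored crypto ACLs, peers pointing at each other's outside address, the same transform set, and a matching isakmp policy. The sample configs are constructed from that reply; parse and check_pair are hypothetical helper names, and the parser assumes one crypto map entry and one transform set per config and compares only the isakmp attributes that are written out.

```python
import re

# Constructed configs modelled on the HQ/remote pair in the reply above.
HQ = """\
access-list ASCD permit ip 192.168.1.0 255.255.255.0 10.0.0.0 255.255.255.0
crypto ipsec transform-set Pix2Pix esp-3des esp-sha-hmac
crypto map toRemote 20 match address ASCD
crypto map toRemote 20 set peer 90.90.90.90
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
"""
REMOTE = """\
access-list MSPC permit ip 10.0.0.0 255.255.255.0 192.168.1.0 255.255.255.0
crypto ipsec transform-set Pix2Pix esp-3des esp-sha-hmac
crypto map toOffice 20 match address MSPC
crypto map toOffice 20 set peer 100.100.100.100
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
"""

def parse(cfg):
    """Extract the settings that both tunnel endpoints must agree on."""
    acl = re.search(r"crypto map \S+ \d+ match address (\S+)", cfg).group(1)
    pol = {}
    for prio, attr, val in re.findall(r"isakmp policy (\d+) (\S+) (\S+)", cfg):
        if attr != "lifetime":  # assumption: lifetimes are not compared here
            pol.setdefault(prio, {})[attr] = val
    return {
        "acl": set(re.findall(rf"access-list {acl} permit ip (\S+ \S+) (\S+ \S+)", cfg)),
        "peer": re.search(r"set peer (\S+)", cfg).group(1),
        "transforms": set(re.search(r"crypto ipsec transform-set \S+ (.+)", cfg).group(1).split()),
        "policies": [frozenset(p.items()) for p in pol.values()],
    }

def check_pair(a, a_outside, b, b_outside):
    """Return a list of mismatches between two site-to-site peer configs."""
    pa, pb, problems = parse(a), parse(b), []
    if pa["acl"] != {(dst, src) for src, dst in pb["acl"]}:
        problems.append("crypto ACLs are not mirror images")
    if pa["peer"] != b_outside or pb["peer"] != a_outside:
        problems.append("peers do not point at each other's outside address")
    if pa["transforms"] != pb["transforms"]:
        problems.append("transform sets differ")
    if not any(p in pb["policies"] for p in pa["policies"]):
        problems.append("no matching isakmp policy")
    return problems

print(check_pair(HQ, "100.100.100.100", REMOTE, "90.90.90.90"))
```
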

Don't forget that you are going to want to make sure that the external addresses on your outside interfaces are public addresses!!! Unless you are taking the appropriate NATting precautions.

-Garrett


Reply to
Garrett

Thank you. My config works as well, but I will put in those extra lines.

But the question was: how can I make a config to be able to connect to the network via VPN client 4.6?

Before I had the site-to-site VPN, I had:

ip local pool ippool 192.168.2.10-192.168.2.254
access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
nat (inside) 1 access-list 101
sysopt connection permit-ipsec
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set myset
crypto map inside_map 65535 ipsec-isakmp dynamic inside_dyn_map
crypto map inside_map interface inside
crypto map mymap 10 ipsec-isakmp dynamic dynmap
crypto map mymap interface outside
isakmp enable outside
isakmp nat-traversal 10
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup visebility address-pool ippool
vpngroup visebility dns-server 192.168.1.2
vpngroup visebility wins-server 192.168.1.2
vpngroup visebility default-domain domain.com
vpngroup visebility split-tunnel 101
vpngroup visebility idle-time 1800
vpngroup visebility password **key**

When I put in site-to-site, the VPN server did not work.

Where is the error, please?

Reply to
Robert

Is there a reason why you have a crypto map applied to the inside interface?

Julian Dragut

Reply to
Julian Dragut

HTH

Julian Dragut

email me at julianmd snipped-for-privacy@gmail.com

Reply to
Julian Dragut
