remote access vpn

Hello Lists,

Help required setting up a remote access VPN using PIX 501 ios 6.1(4) and Cisco VPN clients version 4.6 and above. I have used the following config, yet am getting no response from peer when attempting the VPN connection from a client. Can someone please point out the obvious to me, as I have very limited experience using PIX VPN:

Building configuration...
: Saved
:
PIX Version 6.1(4)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password BreEjXKPBNBYOIzY encrypted
passwd BreEjXKPBNBYOIzY encrypted
hostname ******
domain-name *******
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
access-list fromoutside permit icmp any any
access-list fromoutside permit tcp any host a.b.c.d eq smtp
access-list fromoutside permit tcp any host a.b.c.d eq 3389
access-list fromoutside permit tcp any host a.b.c.d eq 5081
access-list fromoutside permit tcp any host a.b.c.d eq 3389
access-list fromoutside permit tcp any host a.b.c.d eq www
access-list fromoutside permit tcp any host a.b.c.d eq www
access-list 101 permit ip 10.0.0.0 255.255.255.0 10.99.0.0 255.255.255.0
access-list 101 permit ip 10.1.1.0 255.255.255.0 10.99.0.0 255.255.255.0
pager lines 24
interface ethernet0 10baset
interface ethernet1 10baset
mtu outside 1500
mtu inside 1500
ip address outside a.b.c.d 255.255.255.248
ip address inside 10.0.0.254 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool ippool 10.99.0.1-10.99.0.40
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list 101
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) a.b.c.d 10.0.0.2 netmask 255.255.255.255 0 0
static (inside,outside) a.b.c.d 10.0.0.145 netmask 255.255.255.255 0 0
access-group fromoutside in interface outside
route outside 0.0.0.0 0.0.0.0 a.b.c.d 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
no sysopt route dnat
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set myset
crypto map mymap 10 ipsec-isakmp dynamic dynmap
crypto map mymap interface outside
isakmp enable outside
isakmp identity address
isakmp client configuration address-pool local ippool outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup remote address-pool ippool
vpngroup remote dns-server 10.0.0.2
vpngroup remote default-domain a.b.c.d.local
vpngroup remote split-tunnel 101
vpngroup remote idle-time 1800
vpngroup remote password ********
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 60
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
terminal width 80
Cryptochecksum:c8c0dd8e00a3c69fc1b133c04a54e0e5
: end
[OK]

Am happy to post "sh" commands if required.

Any help with regard to the VPN is appreciated; other pointers along the way can only assist.

TIA

J
Jono