1. Home
  2. Cisco Systems
  3. PIX 501 and Connection to Company VPN.

PIX 501 and Connection to Company VPN.

Hi everyone,

I have pretty new to PIX, and have been beating my head trying to get my VPN connection to my employer working again. My network consists of a single PC behind a PIX 501. The PIX gets it IP address via DHCP and is PAT configured. I use a Nortel Client app with RSA to connect. When I try, I get a message saying "Checking for banner text from:". This article describes this error and references opening AH and ESP on the outside interface. So far, I have not had any luck getting this resolved. I am familiar with Access Lists, but seem to be getting lost on the translation rules.

Can anyone point me in the right direction? I would appreciate it greatly!

Thanks, Michael

Nortel Document.

formatting link

Reply to
deadbolt67
Loading thread data ...

upon executing the commands "debug crypto isakmp" and "debug crypto ipsec", I get nothing returned. Last night I did a "config factory-default" so all of the stuff I had been trying is gone.

This is a show config:

PIX Version 6.3(3)109 interface ethernet0 auto interface ethernet1 100full nameif ethernet0 outside security0 nameif ethernet1 inside security100 fixup protocol dns maximum-length 512 fixup protocol ftp 21 fixup protocol h323 h225 1720 fixup protocol h323 ras 1718-1719 fixup protocol http 80 fixup protocol rsh 514 fixup protocol rtsp 554 fixup protocol sip 5060 fixup protocol sip udp 5060 fixup protocol skinny 2000 fixup protocol smtp 25 fixup protocol sqlnet 1521 fixup protocol tftp 69 names pager lines 24 mtu outside 1500 mtu inside 1500 ip address outside dhcp setroute ip address inside 192.168.111.1 255.255.255.0 ip audit info action alarm ip audit attack action alarm pdm location 192.168.111.3 255.255.255.255 inside pdm logging informational 100 pdm history enable arp timeout 14400 global (outside) 1 interface nat (inside) 1 0.0.0.0 0.0.0.0 0 0 timeout xlate 0:05:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225

1:00:00 timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00 timeout uauth 0:05:00 absolute aaa-server TACACS+ protocol tacacs+ aaa-server RADIUS protocol radius aaa-server LOCAL protocol local http server enable http 192.168.111.0 255.255.255.0 inside no snmp-server location no snmp-server contact snmp-server community public no snmp-server enable traps floodguard enable telnet 192.168.111.3 255.255.255.255 inside telnet timeout 5 ssh timeout 5 console timeout 0 dhcpd address 192.168.111.2-192.168.111.33 inside dhcpd lease 3600 dhcpd ping_timeout 750 terminal width 80

Reply to
deadbolt67

Hi,

Drop us the output of

debug crypto isakmp debug crypto ipsec

We'll try to help you.

AAA

Reply to
AAA

show crypto isakmp sa

something?

clear crypto isakmp sa

having the same debug in background + make sure you should have vpn traffic

AA

Reply to
AAA

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.