Pix 506 & 506E tunnel issues

I can't seem to get a tunnel set up and wondered what I might have wrong in my config. Comments appreciated.

If it matters, I can access the internet from both sites. I can also use msoft VPN from home to hit the host server, but when I am at the remote site, I get an 800 error (this bit of info may be unrelated, I dunno).

HOST PIX:

PIX Version 6.3(4)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password ............ encrypted
passwd ............ encrypted
hostname DwyerPix-L
domain-name dwyer.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list 101 permit ip 10.0.0.0 255.255.255.0 10.0.1.0 255.255.255.0
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 64.156.242.196 255.255.255.248
ip address inside 10.0.0.10 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list 101
nat (inside) 1 10.0.0.0 255.255.255.0 0 0
alias (inside) 10.0.0.11 64.156.242.195 255.255.255.255
static (inside,outside) 64.156.242.195 10.0.0.11 netmask 255.255.255.255 0 0
static (inside,outside) 64.156.242.194 10.0.0.215 netmask 255.255.255.255 0 0
static (inside,outside) 64.156.242.197 10.0.0.1 netmask 255.255.255.255 0 0
conduit permit tcp host 64.156.242.194 eq smtp any
conduit permit tcp host 64.156.242.194 eq www any
conduit permit tcp host 64.156.242.194 eq 1677 any
conduit permit tcp host 64.156.242.195 eq www any
conduit permit tcp host 64.156.242.194 eq 1604 any
conduit permit tcp host 64.156.242.194 eq citrix-ica any
conduit permit icmp any any unreachable
conduit permit icmp any any time-exceeded
conduit permit icmp any any echo-reply
conduit permit tcp host 64.156.242.194 eq pop3 any
conduit permit tcp host 64.156.242.197 eq www any
conduit permit ip any host 66.92.149.118
conduit permit tcp host 64.156.242.197 eq pptp any
conduit permit gre host 64.156.242.197 any
route outside 0.0.0.0 0.0.0.0 64.156.242.193 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set dwyerl esp-des
crypto map burton 1 ipsec-isakmp
crypto map burton 1 match address 101
crypto map burton 1 set peer 70.21.120.65
crypto map burton 1 set transform-set dwyerl
crypto map burton interface outside
isakmp enable outside
isakmp key ******** address 70.21.120.65 netmask 255.255.255.255
isakmp identity address
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption des
isakmp policy 1 hash md5
isakmp policy 1 group 1
isakmp policy 1 lifetime 1000
telnet 10.0.0.0 255.255.255.0 inside
telnet 10.0.1.0 255.255.255.0 inside
telnet timeout 30
ssh 68.106.147.111 255.255.255.255 outside
ssh timeout 60
console timeout 60
terminal width 80
Cryptochecksum

REMOTE PIX:

PIX Version 6.3(4)
interface ethernet0 100full
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password .............. encrypted
passwd .............. encrypted
hostname DwyerPix-B
domain-name dwyer.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list 101 permit ip 10.0.1.0 255.255.255.0 10.0.0.0 255.255.255.0
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 70.21.120.65 255.255.255.0
ip address inside 10.0.1.10 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list 101
nat (inside) 1 10.0.1.0 255.255.255.0 0 0
conduit permit tcp host 70.21.120.65 eq telnet any
route outside 0.0.0.0 0.0.0.0 70.21.120.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set dwyer esp-3des
crypto map leesburg 1 ipsec-isakmp
crypto map leesburg 1 match address 101
crypto map leesburg 1 set peer 70.21.120.65
crypto map leesburg 1 set transform-set dwyer
crypto map leesburg interface outside
isakmp enable outside
isakmp key ******** address 64.156.242.196 netmask 255.255.255.255
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 hash md5
isakmp policy 1 group 1
isakmp policy 1 lifetime 1000
telnet 10.0.1.0 255.255.255.0 inside
telnet 10.0.0.0 255.255.255.0 inside
telnet timeout 30
ssh timeout 1
console timeout 60
terminal width 80

Tia, Matt

Matt Dwyer

isakmp policy 1 encryption des on DwyerPix-L and

isakmp policy 1 encryption 3des on DwyerPix-B ???

merv.hrabi


Phase 1 policy also does not match and the transform sets also do not match. Why don't you guys open up a TAC case when it is free if you have a valid contract?

rave
