I'm at a loss. I've tried to get this Point to Point VPN setup from our home office to our colo'd server and I can't seem to figure out why it isn't working. Any help would be greatly appreciated. IPs have been changed to protect the innocent.
Marcos
Home Office External IP: 66.66.66.66 provided by dsl dhcp
Home Office Internal IP: 192.168.3.x
Colo External IP: 55.55.55.55
Colo Internal IP: 192.168.50.x
Home Office Pix Config:
PIX Version 6.3(4)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password securepassword
passwd securepassword
hostname HOME-PIX
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol pptp 1723
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list outside_access_in permit tcp any any eq pptp
access-list outside_access_in permit gre any any
access-list nonat permit ip 192.168.3.0 255.255.255.0 192.168.50.0 255.255.255.0
access-list corp permit ip 192.168.3.0 255.255.255.0 192.168.50.0 255.255.255.0
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside dhcp setroute
ip address inside 192.168.3.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 192.168.3.0 255.255.255.0 0 0
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp interface 47 192.168.3.2 47 netmask 255.255.255.255 0 0
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 192.168.3.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set strong esp-3des esp-md5-hmac
crypto map vpn 10 ipsec-isakmp
crypto map vpn 10 match address colo
crypto map vpn 10 set peer 55.55.55.55
crypto map vpn 10 set transform-set strong
crypto map vpn interface outside
isakmp enable outside
isakmp key 12345 address 55.55.55.55 netmask 255.255.255.255
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
telnet 192.168.3.0 255.255.255.0 inside
telnet timeout 15
ssh timeout 5
console timeout 0
dhcpd address 192.168.3.2-192.168.3.33 inside
dhcpd dns 208.67.222.222 208.67.220.220
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
dhcpd enable inside
terminal width 80

COLO Pix Config:
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password securepassword
passwd securepassword
hostname COLOFW
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list inbound permit icmp any any
access-list inbound permit tcp any host 55.55.55.55 eq https
access-list inbound permit tcp any host 55.55.55.55 eq pptp
access-list inbound permit tcp any host 55.55.55.55 eq www
access-list inbound permit tcp any host 55.55.55.55 eq 444
access-list inbound permit tcp any host 55.55.55.55 eq smtp
access-list inbound permit gre any host 55.55.55.55
access-list inbound permit tcp any host 55.55.55.56 eq ftp
access-list inbound permit tcp any host 55.55.55.56 eq ftp-data
access-list inbound permit tcp any host 55.55.55.55 eq 4125
access-list inbound permit tcp any host 55.55.55.56 eq domain
access-list inbound permit udp any host 55.55.55.56 eq domain
access-list nonat permit ip 192.168.50.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list corp permit ip 192.168.50.0 255.255.255.0 192.168.3.0 255.255.255.0
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 55.55.55.55 255.255.255.240
ip address inside 192.168.50.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 192.168.50.0 255.255.255.0 0 0
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 55.55.55.55 192.168.50.55 netmask 255.255.255.255 0 0
static (inside,outside) 55.55.55.56 192.168.50.56 netmask 255.255.255.255 0 0
access-group inbound in interface outside
route outside 0.0.0.0 0.0.0.0 55.55.55.54 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 192.168.50.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set strong esp-3des esp-md5-hmac
crypto map vpn 10 ipsec-isakmp
crypto map vpn 10 match address corp
crypto map vpn 10 set peer 66.66.66.66
crypto map vpn 10 set transform-set strong
crypto map vpn interface outside
isakmp enable outside
isakmp key 12345 address 66.66.66.66 netmask 255.255.255.255
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
telnet 192.168.50.0 255.255.255.0 inside
telnet timeout 15
ssh timeout 5
console timeout 0
terminal width 80
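
Added example, not part of the original post: a small Python lint that cross-checks the names a PIX 6.x crypto map refers to (access-list, peer key, transform-set) against what the same config defines, and checks that the two sides' crypto ACLs mirror each other. The function names are this example's own; the input lines are excerpted from the two configs above, where the home side matches on `colo` while only `nonat` and `corp` are defined.

```python
# Crypto-relevant lines excerpted from the two configs posted above.
HOME = """\
access-list nonat permit ip 192.168.3.0 255.255.255.0 192.168.50.0 255.255.255.0
access-list corp permit ip 192.168.3.0 255.255.255.0 192.168.50.0 255.255.255.0
crypto ipsec transform-set strong esp-3des esp-md5-hmac
crypto map vpn 10 match address colo
crypto map vpn 10 set peer 55.55.55.55
crypto map vpn 10 set transform-set strong
isakmp key 12345 address 55.55.55.55 netmask 255.255.255.255
"""
COLO = """\
access-list nonat permit ip 192.168.50.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list corp permit ip 192.168.50.0 255.255.255.0 192.168.3.0 255.255.255.0
crypto ipsec transform-set strong esp-3des esp-md5-hmac
crypto map vpn 10 match address corp
crypto map vpn 10 set peer 66.66.66.66
crypto map vpn 10 set transform-set strong
isakmp key 12345 address 66.66.66.66 netmask 255.255.255.255
"""

def parse(cfg):
    """Collect the names a config defines and the names its crypto map uses."""
    p = {"acls": {}, "tsets": set(), "keys": set(), "match": [], "peers": [], "use_ts": []}
    for line in cfg.splitlines():
        w = line.split()
        if w[:1] == ["access-list"] and w[2:4] == ["permit", "ip"] and len(w) == 8:
            p["acls"].setdefault(w[1], []).append(tuple(w[4:8]))  # src, mask, dst, mask
        elif w[:3] == ["crypto", "ipsec", "transform-set"] and len(w) >= 4:
            p["tsets"].add(w[3])
        elif w[:2] == ["isakmp", "key"] and len(w) >= 5:
            p["keys"].add(w[4])  # peer address the pre-shared key is bound to
        elif w[:2] == ["crypto", "map"] and len(w) >= 7:
            if w[4:6] == ["match", "address"]: p["match"].append(w[6])
            elif w[4:6] == ["set", "peer"]: p["peers"].append(w[6])
            elif w[4:6] == ["set", "transform-set"]: p["use_ts"].append(w[6])
    return p

def lint(name, cfg):
    """Return one finding per crypto map reference that nothing in cfg defines."""
    p, out = parse(cfg), []
    out += [f"{name}: crypto map matches undefined access-list '{a}'" for a in p["match"] if a not in p["acls"]]
    out += [f"{name}: no isakmp key for peer {x}" for x in p["peers"] if x not in p["keys"]]
    out += [f"{name}: undefined transform-set '{t}'" for t in p["use_ts"] if t not in p["tsets"]]
    return out

def mirrored(a, b, acl_a, acl_b):
    """True when each side's crypto ACL is the source/destination swap of the other's."""
    swapped = sorted((e[2], e[3], e[0], e[1]) for e in parse(a)["acls"].get(acl_a, []))
    return swapped == sorted(parse(b)["acls"].get(acl_b, []))
```

`lint("HOME", HOME)` reports the `colo` reference, `lint("COLO", COLO)` reports nothing, and `mirrored(HOME, COLO, "corp", "corp")` confirms the two `corp` lists are exact mirrors.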