I am having an issue connecting a PIX to PIX VPN. The remote site config is listed below. I am new to this and have been reading for a few days to get a better understanding but I still cannot figure out what the problem is. At the remote office, I cannot get out to www using port 80 when the firewall is connected at the remote site. I know one issue is that there is not a radius server at 192.168.22.7, so I don;t know if the line "crypto map outside_map client authentication partnerauth" is part of the problem. Also, the MDZ is not in use. Any help is greatly appreciated. Thank you.
PIX Version 6.3(1) interface ethernet0 10baset interface ethernet1 100full interface ethernet2 100full shutdown nameif ethernet0 outside security0 nameif ethernet1 inside security100 nameif ethernet2 DMZ security50 enable password p123p12OfusCacuK encrypted passwd 95vQbsXM9lH6Yu3w encrypted hostname Company-PIX domain-name comapny.local clock timezone EST -5 clock summer-time EDT recurring fixup protocol ftp 21 fixup protocol h323 h225 1720 fixup protocol h323 ras 1718-1719 fixup protocol http 80 fixup protocol ils 389 fixup protocol rsh 514 fixup protocol rtsp 554 fixup protocol sip 5060 fixup protocol sip udp 5060 fixup protocol skinny 2000 fixup protocol smtp 25 fixup protocol sqlnet 1521 names access-list inside_outbound_nat0_acl permit ip 192.168.22.0
255.255.255.0 192.16 8.20.0 255.255.255.0 access-list outside_cryptomap_20 permit ip 192.168.22.0 255.255.255.0 192.168.20. 0 255.255.255.0 pager lines 24 logging on logging buffered warnings icmp permit any unreachable outside mtu outside 1500 mtu inside 1500 mtu DMZ 1500 ip address outside 1.2.2.2 255.255.255.224 ip address inside 192.168.22.1 255.255.255.0 ip address DMZ 192.168.101.1 255.255.255.0 ip verify reverse-path interface outside ip audit name info-alarm info action alarm ip audit name Attack-Alarm attack action alarm drop ip audit interface outside info-alarm ip audit interface outside Attack-Alarm ip audit interface inside info-alarm ip audit interface DMZ info-alarm ip audit info action alarm ip audit attack action alarm pdm logging warnings 500 pdm history enable arp timeout 14400 global (outside) 10 1.2.2.3 nat (inside) 0 access-list inside_outbound_nat0_acl nat (inside) 10 0.0.0.0 0.0.0.0 0 0 route outside 0.0.0.0 0.0.0.0 1.2.2.2 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00 timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00 timeout uauth 0:05:00 absolute aaa-server TACACS+ protocol tacacs+ aaa-server RADIUS protocol radius aaa-server LOCAL protocol local aaa-server partnerauth protocol radius aaa-server partnerauth (inside) host 192.168.22.7 companyvpn timeout 10 http server enable http 192.168.22.103 255.255.255.255 inside http 192.168.22.0 255.255.255.0 inside no snmp-server location no snmp-server contact snmp-server community public no snmp-server enable traps floodguard enable sysopt connection permit-ipsec crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-MD5 crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-MD5 crypto map outside_map 20 ipsec-isakmp crypto map outside_map 20 match address outside_cryptomap_20 crypto map outside_map 20 set peer 64.179.19.234 crypto map outside_map 20 set transform-set ESP-3DES-MD5 crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map crypto map outside_map client authentication partnerauth crypto map outside_map interface outside isakmp enable outside isakmp key ******** address 1.1.1.1 netmask 255.255.255.255 no-xauth no-co nfig-mode isakmp identity address isakmp policy 20 authentication pre-share isakmp policy 20 encryption 3des isakmp policy 20 hash md5 isakmp policy 20 group 2 isakmp policy 20 lifetime 86400 telnet timeout 5 ssh timeout 5 console timeout 0 terminal width 80