PIX-to-PIX vpn + remote Access VPN not working

Hi!

I have two sites, A and B, connected by a site-to-site VPN and they are working OK. When I try to add remote access VPN for Site A so that users at home could use both Site A's and Site B's services and also connect to the net through Site A, I can't get this to work. I have tried doing this both with PDM and the command line. I have quite a lot of experience with routers, but PIXes are still somewhat of a mystery to me. Does anyone have any similar working configurations to share with me?

Any help would be greatly appreciated

Best regards

Marko Uusitalo


Marko-

Here is what I used to set up remote access VPN with the Cisco VPN client.

access-list nonat permit ip 172.16.0.0 255.255.0.0 192.168.10.0 255.255.255.0 (Access-list defining what traffic to not use NAT on)
access-list 102 permit ip 172.16.0.0 255.255.0.0 192.168.10.0 255.255.255.0 (Access-list defining which traffic to use split-tunneling on)
nat (interface) 0 access-list nonat (Command issued to not use NAT translation through whichever interface the VPN traffic will flow.)

sysopt connection permit-ipsec (Permits IPSEC communication through the PIX)

crypto ipsec transform-set vpnsei esp-3des esp-md5-hmac (Setting up what type of encryption to use, there are many choices)
crypto dynamic-map dynmapsei 10 set transform-set vpnsei

crypto map vpnsei 10 ipsec-isakmp dynamic dynmapsei
crypto map vpnsei client configuration address initiate
crypto map vpnsei client configuration address respond

isakmp client configuration address-pool local sei-1 internet

vpngroup misvpn address-pool (The vpngroup command sets up your configuration for the vpn. Your first line tells which ip pool to use)
vpngroup misvpn dns-server (DNS server IP)
vpngroup misvpn wins-server (WINS server ip)
vpngroup misvpn default-domain (your internal domain name)
vpngroup misvpn split-tunnel (This command allows your vpn users to surf the web through their ISP and only use the VPN to connect to your internal servers or services)
vpngroup misvpn split-dns (your internal domain-name. Also used in conjunction with command above)
vpngroup misvpn idle-time 7200 (time in seconds you want the Pix to allow a connection to sit idle)
vpngroup misvpn password ******** (VPN group password)

ip local pool sei-1 192.168.10.10-192.168.10.25 (This is the ip addresses that are assigned to the VPN Clients)

If you have any problems or more questions, send me an email at snipped-for-privacy@yahoo.com

Frank Durham
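
Added example, not part of the post above: a Python check that every address in the VPN client pool falls inside the destination network of the no-NAT and split-tunnel access lists, so a later change to the pool or an ACL does not silently leave some clients translated or outside the tunnel. The sample config is constructed from the commands in the reply; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: ACL and pool commands from the reply, one per line,
# with the parenthetical annotations stripped.
SAMPLE_CONFIG = """\
access-list nonat permit ip 172.16.0.0 255.255.0.0 192.168.10.0 255.255.255.0
access-list 102 permit ip 172.16.0.0 255.255.0.0 192.168.10.0 255.255.255.0
ip local pool sei-1 192.168.10.10-192.168.10.25
"""

ACL_RE = re.compile(r"^access-list (\S+) permit ip (\S+) (\S+) (\S+) (\S+)$")
POOL_RE = re.compile(r"^ip local pool (\S+) (\S+)-(\S+)$")


def parse(config):
    """Return ({acl_name: [(src_net, dst_net)]}, {pool_name: (first, last)})."""
    acls, pools = {}, {}
    for line in config.splitlines():
        line = line.strip()
        m = ACL_RE.match(line)
        if m:
            name, src, smask, dst, dmask = m.groups()
            entry = (ipaddress.ip_network(f"{src}/{smask}", strict=False),
                     ipaddress.ip_network(f"{dst}/{dmask}", strict=False))
            acls.setdefault(name, []).append(entry)
            continue
        m = POOL_RE.match(line)
        if m:
            pools[m.group(1)] = (ipaddress.ip_address(m.group(2)),
                                 ipaddress.ip_address(m.group(3)))
    return acls, pools


def pool_covered(config, acl_name, pool_name):
    """True if every pool address is a destination of some entry in acl_name."""
    acls, pools = parse(config)
    if acl_name not in acls or pool_name not in pools:
        return False
    first, last = pools[pool_name]
    # Break the range into CIDR blocks; each must sit inside one ACL entry.
    blocks = ipaddress.summarize_address_range(first, last)
    return all(any(b.subnet_of(dst) for _, dst in acls[acl_name])
               for b in blocks)
```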
