Hi all,

A customer of mine has just gotten a new Cisco Pix 506E, and we are experiencing some trouble with it. Hope some of you can point me in the right direction to fix this...
- Using PDM on the inside, I lose connection to the PDM java app after a while. Have to close the browser altogether and log back on to access it. Has anyone experienced this? (Tried different browsers, same result)
- VPN Users use PPTP to access the firewall. Most of the clients are on Windows Vista, but XP users reportedly also have problems. What I've heard is that they lose connection after a while, although the connection icon still tells the user that he/she is connected. Workaround is to manually disconnect and connect again.
Should I try to play with the MTU size on the inside interface to see if this can have any effect?
I have never had these problems on a PIX before, so I'm not sure where to start looking for errors. I have installed a syslog server that hopefully will give me some info, but any pointers would be deeply appreciated. My config is as follows:
mtu inside 1500
ip address outside xxx.xxx.44.62 255.255.252.0
ip address inside 192.168.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool VPNPool 192.168.1.101-192.168.1.150 mask 255.255.255.0
pdm location 192.168.1.2 255.255.255.255 inside
pdm location 213.179.57.7 255.255.255.255 outside
pdm location 192.168.1.0 255.255.255.0 outside
pdm location 192.168.1.24 255.255.255.255 inside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list 101
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp interface www 192.168.1.24 www netmask 255.255.255.255 0 0
access-group inbound in interface outside
route outside 0.0.0.0 0.0.0.0 xxx.xxx.44.61 10
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 5
aaa-server RADIUS deadtime 1
aaa-server RADIUS (inside) host 192.168.1.2 cisco timeout 5
aaa-server LOCAL protocol local
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-pptp
isakmp nat-traversal 20
telnet 84.209.249.249 255.255.255.255 outside
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
vpdn group PPTP_VPN accept dialin pptp
vpdn group PPTP_VPN ppp authentication chap
vpdn group PPTP_VPN client configuration address local VPNPool
vpdn group PPTP_VPN client configuration dns 192.168.1.2
vpdn group PPTP_VPN pptp echo 60
vpdn group PPTP_VPN client authentication local
vpdn username cisco password *********
vpdn username vpn password *********
vpdn username trond password *********
vpdn enable outside
dhcpd address 192.168.1.20-192.168.1.100 inside
dhcpd dns 192.168.1.2 84.20.96.10
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
dhcpd enable inside
terminal width 80
Cryptochecksum:
: end
[OK]

Best regards,
Trond Hindenes
Norway