VPN problem followup, trying to connect PIX and Router

Hi guys,

Sorry for the other post, I should've just posted the configs in the first place.

I'm going to post both configurations, so people have a better view of what I'm trying to do here. I'm trying to make a VPN between a Router and PIX, and I have no idea what I'm doing wrong :( I don't know if it's a problem with my config, or a blocked UDP port.

I'd really appreciate any input, thanks in advance.

version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname 2621
!
logging queue-limit 100
enable secret 5 xxx
enable password xxx
!
ip subnet-zero
!
!
!
ip audit notify log
ip audit po max-events 100
!
!
!
crypto isakmp policy 10
 hash md5
 authentication pre-share
 group 2
crypto isakmp key temporary address xxx.xxx.62.130
!
!
crypto ipsec transform-set tunnel esp-des esp-md5-hmac
!
crypto map To_PIX 25 ipsec-isakmp
 set peer xxx.xxx.62.130
 set transform-set tunnel
 match address 150
!
!
interface FastEthernet0/0
 description "WAN"
 ip address xxx.xxx.198.24 255.255.255.0
 ip nat outside
 no ip mroute-cache
 speed auto
 full-duplex
 no cdp enable
 crypto map To_PIX
!
interface FastEthernet0/1
 description To "LAN)"
 ip address 10.0.3.254 255.255.255.0
 ip nat inside
 no ip mroute-cache
 duplex auto
 speed auto
 no cdp enable
!
ip nat inside source list 102 interface FastEthernet0/0 overload
ip nat inside source route-map nonat pool branch overload
ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 xxx.xxx.198.1
!
!
!
access-list 102 permit ip 10.0.3.0 0.0.0.255 any
access-list 150 permit ip 10.0.3.0 0.0.0.255 10.0.1.0 0.0.0.255
access-list 150 deny ip any any
access-list 160 deny ip 10.0.3.0 0.0.0.255 10.0.1.0 0.0.0.255
access-list 160 permit ip 10.0.3.0 0.0.0.255 any
!
route-map nonat permit 10
 match ip address 160
!
snmp-server community public RO
snmp-server enable traps tty
!
line con 0
 exec-timeout 0 0
line aux 0
line vty 0 4
 password temporary
 login
!
!
end

PIX Version 6.3(3)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password xxxx
passwd xxx
hostname PIX
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol pptp 1723
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list ipsec permit ip 10.0.1.0 255.255.255.0 10.0.3.0 255.255.255.0
access-list ipsec permit ip 10.0.1.0 255.255.255.0 10.0.4.0 255.255.255.0
access-list nonat permit ip 10.0.1.0 255.255.255.0 10.0.3.0 255.255.255.0
access-list nonat permit ip 10.0.1.0 255.255.255.0 10.0.4.0 255.255.255.0
pager lines 24
logging on
icmp permit any outside
mtu outside 1500
mtu inside 1500
ip address outside xxx.xxx.62.130 255.255.255.248
ip address inside 10.0.1.253 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm history enable
arp timeout 14400
global (outside) 1 xxx.xxx.62.131
nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
route outside 0.0.0.0 0.0.0.0 xxx.xxx.62.129 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set tunnel esp-des esp-md5-hmac
crypto map To_Router 10 ipsec-isakmp
crypto map To_Router 10 match address ipsec
crypto map To_Router 10 set peer xxx.xxx.198.24
crypto map To_Router 10 set transform-set tunnel
crypto map To_Router interface outside
isakmp enable outside
isakmp key ******** address xxx.xxx.198.24 netmask 255.255.255.255
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
telnet 0.0.0.0 0.0.0.0 outside
telnet 10.0.1.0 255.255.255.0 inside
telnet timeout 10
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 30
console timeout 0
terminal width 80

.Cos.


Note: I tested with ping between both devices, and they both respond. Just wanted to add that in... In case someone questioned communication between devices.

.cos.
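Added example, not part of the original posts: two consistency checks that can be run over a site-to-site pair like this one, using the ACL lines from the configs above. It checks that each side's crypto ACL permits are mirrored on the peer, and that the router's NAT ACL (list 102) does not translate traffic the crypto ACL (list 150) selects, since IOS applies inside-to-outside NAT before the crypto map is evaluated. The function names are hypothetical, only `ip` entries written as address/mask or `any` are handled, and the route-map NAT statement is not modelled.

```python
import ipaddress

# ACL lines copied from the two configs in the post above.
ROUTER_ACLS = """\
access-list 102 permit ip 10.0.3.0 0.0.0.255 any
access-list 150 permit ip 10.0.3.0 0.0.0.255 10.0.1.0 0.0.0.255
access-list 150 deny ip any any
"""
PIX_ACLS = """\
access-list ipsec permit ip 10.0.1.0 255.255.255.0 10.0.3.0 255.255.255.0
access-list ipsec permit ip 10.0.1.0 255.255.255.0 10.0.4.0 255.255.255.0
"""

def _net(tokens, wildcard):
    """Consume one address spec from tokens; return an IPv4Network."""
    if tokens[0] == "any":
        tokens.pop(0)
        return ipaddress.ip_network("0.0.0.0/0")
    addr, mask = tokens.pop(0), tokens.pop(0)
    if wildcard:  # IOS wildcard mask -> netmask (PIX 6.x already uses netmasks)
        mask = str(ipaddress.ip_address(int(ipaddress.ip_address(mask)) ^ 0xFFFFFFFF))
    return ipaddress.ip_network(f"{addr}/{mask}")

def parse_acl(text, name, wildcard):
    """Return [(action, src, dst)] for the named ACL, in config order."""
    out = []
    for line in text.splitlines():
        t = line.split()
        if t[:2] == ["access-list", name] and t[3] == "ip":
            rest = t[4:]
            out.append((t[2], _net(rest, wildcard), _net(rest, wildcard)))
    return out

def unmirrored(local, remote):
    """Permit entries in `local` with no swapped src/dst permit in `remote`."""
    mirror = {(d, s) for a, s, d in remote if a == "permit"}
    return [(s, d) for a, s, d in local if a == "permit" and (s, d) not in mirror]

def natted_vpn_flows(nat_acl, crypto_acl):
    """Crypto-ACL permits whose first fully covering NAT-ACL entry is a permit."""
    hits = []
    for a, s, d in crypto_acl:
        first = next((na for na, ns, nd in nat_acl
                      if s.subnet_of(ns) and d.subnet_of(nd)), None)
        if a == "permit" and first == "permit":
            hits.append((s, d))
    return hits
```
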
