VPN Server and Site to site doesn't work

Hello I have 2 pix firewalls

I have PIX 1 and PIX 2. It works as a VPN server (I can connect via the Cisco VPN client), but I created a VPN site-to-site and it doesn't work. show crypto ipsec sa and show crypto isakmp sa work on the remote site but not in the office - there is nothing. I do not know where the error is.

Could you have a look and help me, please?

Robert

OFFICE - CONFIG

PIX Version 6.3(4)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
names
object-group service tcp_19 tcp
  port-object eq www
  port-object eq https
access-list outside_access_in permit icmp any any log
access-list outside_access_in permit tcp any host 80.80.82.19 object-group tcp_19
access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list 101 permit ip 192.168.1.0 255.255.255.0 90.90.97.112 255.255.255.240
access-list RemoteOfficeACL permit ip 192.168.1.0 255.255.255.0 90.90.97.112 255.255.255.240
ip address outside 80.80.82.18 255.255.255.240
ip address inside 192.168.1.1 255.255.255.0
ip local pool ippool 192.168.2.14-192.168.2.20
global (outside) 10 interface
nat (inside) 0 access-list 101
nat (inside) 10 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 80.80.82.19 192.168.1.28 netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 80.80.82.17 1
sysopt connection permit-ipsec
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set myset
crypto map inside_map interface inside
crypto map mymap 10 ipsec-isakmp dynamic dynmap
crypto map mymap interface outside
crypto map mymap 5 ipsec-isakmp
crypto map mymap 5 set transform-set myset
crypto map mymap 5 match address RemoteOfficeACL
crypto map mymap 5 set peer 90.90.96.239
isakmp key ********** address 90.90.96.239 netmask 255.255.255.255 no-xauth no-config-mode
isakmp enable outside
isakmp nat-traversal 10
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup VPMGRP address-pool ippool
vpngroup VPMGRP dns-server 192.168.1.2
vpngroup VPMGRP wins-server 192.168.1.2
vpngroup VPMGRP default-domain thoughtwebfinancial.com
vpngroup VPMGRP split-tunnel 101
vpngroup VPMGRP idle-time 1800
vpngroup VPMGRP password ********
vpdn enable outside
dhcpd address 192.168.1.30-192.168.1.120 inside
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
dhcpd enable inside

REMOTE SITE CONFIG

PIX Version 6.3(4)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
object-group service tcp_114 tcp
  port-object eq www
  port-object eq https
object-group service tcp_117 tcp
  port-object eq www
  port-object eq 8080
access-list outside_access_in permit icmp any any log
access-list outside_access_in permit tcp any host 90.90.97.114 object-group tcp_114
access-list outside_access_in permit tcp any host 90.90.97.117 object-group tcp_117
access-list outside_access_in permit tcp any host 90.90.97.118 object-group tcp_118
access-list 101 permit ip 90.90.97.112 255.255.255.248 192.168.2.0 255.255.255.0
access-list 101 permit ip 90.90.97.112 255.255.255.240 192.168.1.0 255.255.255.0
access-list RemoteOfficeACL permit ip 90.90.97.112 255.255.255.240 192.168.1.0 255.255.255.0
ip address outside 90.90.96.239 255.255.254.0
ip address inside 90.90.97.113 255.255.255.248
global (outside) 100 interface
nat (inside) 0 access-list 101
nat (inside) 10 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 90.90.97.114 90.90.97.114 netmask 255.255.255.255 0 0
static (inside,outside) 90.90.97.117 90.90.97.117 netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 90.90.96.1 1
sysopt connection permit-ipsec
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set myset
crypto map inside_map interface inside
crypto map mymap 10 ipsec-isakmp dynamic dynmap
crypto map mymap interface outside
crypto map mymap 5 ipsec-isakmp
crypto map mymap 5 set transform-set myset
crypto map mymap 5 match address RemoteOfficeACL
crypto map mymap 5 set peer 80.80.82.18
isakmp enable outside
isakmp nat-traversal 10
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
isakmp key ********** address 80.80.82.18 netmask 255.255.255.255 no-xauth no-config-mode
vpngroup VPNGRP address-pool ippool
vpngroup VPNGRP dns-server 90.90.97.115
vpngroup VPNGRP wins-server 90.90.97.115
vpngroup VPNGRP default-domain thoughtwebfinancial.com
vpngroup VPNGRP split-tunnel 101
vpngroup VPNGRP idle-time 1800
vpngroup VPNGRP password ********
vpdn enable outside