From: Tom Young (gitsyoung@yahoo.co.jp)
Date: Mon Jul 28 2003 - 22:23:56 GMT-3
Hi, group
I am testing the connection between a PIX and the Cisco VPN
client, but it fails every time. I am confused by it. I
pasted the PIX's config here; it is a real config in my
lab, you could try it, the password is cisco. I tried
every IKE type, md5 and sha, but couldn't succeed. My
client version is 3.6.4.
I really hope you can help me with it.
Thanks a lot

pixfirewall# sh start
: Saved
: Written by enable_15 at 19:04:39.959 UTC Mon Jul 28 2003
PIX Version 6.2(2)
nameif ethernet0 inside security100
nameif ethernet1 outside security0
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname pixfirewall
domain-name cisco.com
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
access-list inside_outbound_nat0_acl permit ip any 192.168.0.0 255.255.255.248
access-list outside_cryptomap_dyn_20 permit ip any 192.168.0.0 255.255.255.248
access-list outside_cryptomap_dyn_40 permit ip any 192.168.0.0 255.255.255.248
access-list outside_cryptomap_dyn_60 permit ip any 192.168.0.0 255.255.255.248
pager lines 24
interface ethernet0 100full
interface ethernet1 10baset
icmp permit any inside
icmp permit any outside
mtu inside 1500
mtu outside 1500
ip address inside 192.168.0.1 255.255.255.0
ip address outside 210.238.186.228 255.255.255.248
ip audit info action alarm
ip audit attack action alarm
ip local pool pix 192.168.0.3-192.168.0.7
no failover
failover timeout 0:00:00
failover poll 15
failover ip address inside 0.0.0.0
failover ip address outside 0.0.0.0
pdm location 192.168.0.2 255.255.255.255 inside
pdm location 192.168.0.2 255.255.255.255 outside
pdm history enable
arp timeout 14400
global (outside) 1 210.238.186.227
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
route outside 0.0.0.0 0.0.0.0 210.238.186.225 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 192.168.0.2 255.255.255.255 inside
http 192.168.0.2 255.255.255.255 outside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
no sysopt route dnat
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-DES-SHA
crypto dynamic-map outside_dyn_map 40 match address outside_cryptomap_dyn_40
crypto dynamic-map outside_dyn_map 40 set transform-set ESP-DES-SHA
crypto dynamic-map outside_dyn_map 60 match address outside_cryptomap_dyn_60
crypto dynamic-map outside_dyn_map 60 set transform-set ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
isakmp enable outside
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption des
isakmp policy 20 hash sha
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
isakmp policy 40 authentication pre-share
isakmp policy 40 encryption des
isakmp policy 40 hash md5
isakmp policy 40 group 2
isakmp policy 40 lifetime 86400
vpngroup cisco address-pool pix
vpngroup cisco dns-server 210.196.3.183
vpngroup cisco idle-time 1800
vpngroup cisco password ********
vpngroup cisco1 address-pool pix
vpngroup cisco1 idle-time 1800
vpngroup cisco1 password ********
vpngroup cisco2 address-pool pix
vpngroup cisco2 idle-time 1800
vpngroup cisco2 password ********
telnet timeout 5
ssh timeout 5
terminal width 80
Cryptochecksum:34748149e2d0aea3b0698222334629c7
pixfirewall#