Cisco pix 501 VPN

Status
Not open for further replies.

Guest_imported

I am trying to connect three people through a Cisco PIX 501 through a VPN tunnel and am having no luck. I have found several pages on the web that have told me like ten different things. I was wondering if there was anyone out there who might have had the same problem and might be able to help me out with this.
 
Can't help you with the PIX 501, but I can say that I set up the same configuration with a Cisco VPN 3002 and it works quite slick. What are you connecting the 501 to? Another PIX?

*J*
 
Explain in detail, I have just jumped through the PIX 501 hoops myself and might be able to shed some light on your dilemma. But I need to know what it is first.
Where are the 3 people?
Where is the 501?
What client are you using? (Cisco VPN Client 3.5.2, Cisco Secure VPN client, ...)
What are your internet connections? (T1, fT1, DSL, cable, ISDN, dialup)
What OSes are they, if you are not using a client with IPSec? I.e. if you are using WinXP Pro with PPTP to the PIX.
I will see if I can help.
 

I am having similar vpn headaches.... I see plenty on getting the pix opened up to an incoming vpn connection that has a static ip, but not so much on what I am trying to do.. here's what I got...

Static IP to my PIX 501 at the office. (one outside IP)
Behind the PIX is my Win2k AD network.
From houses, they are all cable connections (dynamic IP)
All clients are WinXP Pro

I would like to be able to use just the internal Windows software, PPTP, IAS, etc., but will use the Cisco clients if need be.

Only luck I've had so far was getting what I thought was the right configuration on my PIX, but it didn't seem like the traffic was being forwarded to my IAS/RRAS server. (getting dial-up networking no response errors, nothing about authentication failures)

Anyone had / have (preferably _had_ :) similar problems??

Thanks much

 
Found some good docs on the Cisco site.
These are my PIX interfaces:
inside ip: 192.168.1.32 255.255.255.0
outside ip: 194.7.xxx.xxx 255.255.255.xxx

These are the lines I added to my PIX to create a PPTP VPN possibility:

ip local pool pptp-pool 192.168.254.1-192.168.254.254
access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.254.0 255.255.255.0
nat (inside) 0 access-list 101
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
sysopt connection permit-pptp
vpdn group 1 accept dialin pptp
vpdn group 1 ppp authentication pap
vpdn group 1 ppp authentication chap
vpdn group 1 ppp authentication mschap
vpdn group 1 ppp encryption mppe 40
vpdn group 1 client configuration address local pptp-pool
vpdn group 1 pptp echo 60
vpdn group 1 client authentication local
vpdn username MyUser password MyPassword
vpdn enable outside

A good cisco link :
Have fun !!!!
 
The tunnel has been established successfully. But I can't get access to the remote server even though I can ping it.
Here is the error msg I got:
There are currently no logon servers available to service the logon request.

Can someone tell me how to fix this problem?

Thanx.

 
Try to install a WINS server on your local network and add the WINS to the DHCP of the VPN tunnel.

P.
 
Pieter666, also you might need to add that IP into your lmhosts file on the machines not behind the PIX. That way your machines can do the IP-->name conversion on their own without WINS or DNS. It is a good idea to always add static IPs on remote LANs to this file if size permits. This would be stupid on a large network, or on a DHCP controlled network, but on static, small LANs, this helps cure your problem. Also make sure you are not NATing traffic going thru the VPN tunnel. This will give similar results since the packets get there, they just are not formatted right. Finally, if the remote (i.e. not behind the PIX) machines are using gateways, i.e. personal firewall router solutions, they may need to use lower MTU settings (1400 works well). Also of course they need to be allowing IPsec passthru. But I would try to see if you are NATing (PATing) your VPN traffic first. That messed me up once.
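
The "are you NATing your VPN traffic" check from the reply above can be run offline against a saved configuration, together with a look at the PPP settings in the PPTP configuration posted earlier. This is an added example, not part of the original thread and not a Cisco tool; the function name `audit` and the finding labels are assumptions, and it only understands the network/mask ACL form used in the thread.

```python
import ipaddress
import re

# Constructed sample: the PPTP-related lines from the configuration posted in this thread.
SAMPLE_CONFIG = """\
ip local pool pptp-pool 192.168.254.1-192.168.254.254
access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.254.0 255.255.255.0
nat (inside) 0 access-list 101
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
vpdn group 1 ppp authentication pap
vpdn group 1 ppp authentication chap
vpdn group 1 ppp authentication mschap
vpdn group 1 ppp encryption mppe 40
vpdn group 1 client configuration address local pptp-pool
"""

def audit(config):
    """Return findings for the PPTP/NAT lines of a PIX-style configuration."""
    pools, acls, exempt, findings = {}, {}, set(), []
    for line in config.splitlines():
        line = line.strip()
        if m := re.match(r"ip local pool (\S+) ([\d.]+)-([\d.]+)$", line):
            # Address range handed out to VPN clients
            pools[m[1]] = (ipaddress.ip_address(m[2]), ipaddress.ip_address(m[3]))
        elif m := re.match(r"access-list (\S+) permit ip [\d.]+ [\d.]+ ([\d.]+) ([\d.]+)$", line):
            # Keep only the destination network of each permit entry
            net = ipaddress.ip_network(f"{m[2]}/{m[3]}", strict=False)
            acls.setdefault(m[1], []).append(net)
        elif m := re.match(r"nat \(\S+\) 0 access-list (\S+)$", line):
            # "nat 0" with an ACL exempts matching traffic from translation
            exempt.add(m[1])
        elif line.endswith("ppp authentication pap"):
            findings.append("weak-auth: PAP sends the password in cleartext")
        elif (m := re.search(r"ppp encryption mppe (\S+)", line)) and m[1] == "40":
            findings.append("weak-crypto: MPPE is limited to 40-bit keys")
    # Every client pool must fall inside a destination that is exempt from NAT,
    # otherwise replies to VPN clients get translated and break the session.
    exempt_nets = [n for name in exempt for n in acls.get(name, [])]
    for name, (first, last) in pools.items():
        if not any(first in n and last in n for n in exempt_nets):
            findings.append(f"nat: pool {name} is not covered by a nat 0 access-list")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```
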
 