Cisco VPN client to PIX

Status
Not open for further replies.

themut

Technical User
Jan 6, 2003
809
CR
Hello folks,

I have configured the PIX for remote VPN access and the tunnel is not being established. PIX is running 6.2(2) and I have tried with VPN clients 3.6 and 4.0. I have configured 3DES-SHA and 3DES-MD5 proposals but it doesn't make any difference. The debugs are always the same, attributes are never accepted. Debugs from the PIX show the following output:

ISAKMP (0): Checking ISAKMP transform 8 against priority 10 policy
ISAKMP: encryption... What? 7?
ISAKMP: hash MD5
ISAKMP: default group 2
ISAKMP: auth pre-share
ISAKMP: life type in seconds
ISAKMP: life duration (VPI) of 0x0 0x20 0xc4 0x9b
ISAKMP: attribute 3584
ISAKMP (0): atts are not acceptable. Next payload is 3
ISAKMP (0): Checking ISAKMP transform 9 against priority 10 policy
ISAKMP: encryption 3DES-CBC
ISAKMP: hash SHA
ISAKMP: default group 2
ISAKMP: extended auth pre-share
ISAKMP: life type in seconds
ISAKMP: life duration (VPI) of 0x0 0x20 0xc4
crypto_isakmp_process_block: src X.X.X.121, dest X.X.X.122
ISAKMP (0): deleting SA: src X.X.X.121, dst X.X.X.122
ISADB: reaper checking SA 0x813e7bc0, conn_id = 0 DELETE IT!

VPN Peer: ISAKMP: Peer ip:X.X.X.121 Ref cnt decremented to:0 Total VPN Peers:1
VPN Peer: ISAKMP: Deleted peer: ip:X.X.X.121 Total VPN peers:0

The VPN client never receives any packets from the PIX. I have even connected the client to the outside interface with a crossover cable and obtained the same results. It is very weird... Any feedback will be greatly appreciated.
 
Did you remember "sysopt connection permit-ipsec"?
Also try to post the vpn part of your pix config, so we can check it.

Jan
 
Jan,

Thanks for your reply! I never figured out the problem. The configuration was fine, I've been configuring VPN for quite some time now and this was very weird. Anyways, I upgraded the PIX to 6.3(3) and configured AES instead and that fixed the problem, I can VPN fine now.
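
An added example, not part of the thread: a small Python parser that groups the ISAKMP debug lines from the first post into one record per offered transform and decodes the numeric encryption ID the PIX printed as "What? 7?" using the IANA IKEv1 registry, where 7 is AES-CBC. The function and field names are hypothetical, and the sample input is the subset of the posted debug lines that carry proposal attributes.

```python
import re

# IKEv1 encryption algorithm IDs (IANA IPsec registry, subset).
IKE_ENC_IDS = {1: "DES-CBC", 5: "3DES-CBC", 7: "AES-CBC"}

# Sample input: debug lines copied from the first post (lifetime lines omitted).
SAMPLE = """\
ISAKMP (0): Checking ISAKMP transform 8 against priority 10 policy
ISAKMP: encryption... What? 7?
ISAKMP: hash MD5
ISAKMP: default group 2
ISAKMP: auth pre-share
ISAKMP (0): atts are not acceptable. Next payload is 3
ISAKMP (0): Checking ISAKMP transform 9 against priority 10 policy
ISAKMP: encryption 3DES-CBC
ISAKMP: hash SHA
ISAKMP: default group 2
ISAKMP: extended auth pre-share
"""

def parse_transforms(text):
    """Group debug lines into one dict per offered ISAKMP transform."""
    transforms, cur = [], None
    for line in text.splitlines():
        m = re.search(r"Checking ISAKMP transform (\d+) against priority (\d+)", line)
        if m:
            cur = {"transform": int(m[1]), "priority": int(m[2]), "rejected": False}
            transforms.append(cur)
            continue
        if cur is None:
            continue  # ignore lines seen before the first transform header
        if m := re.search(r"encryption\.\.\. What\? (\d+)\?", line):
            # The device did not recognise this ID; decode it from the registry.
            cur["encryption"] = IKE_ENC_IDS.get(int(m[1]), f"unknown({m[1]})")
            cur["device_unknown_enc_id"] = int(m[1])
        elif m := re.search(r"ISAKMP: encryption (\S+)", line):
            cur["encryption"] = m[1]
        elif m := re.search(r"ISAKMP: hash (\S+)", line):
            cur["hash"] = m[1]
        elif m := re.search(r"ISAKMP: default group (\d+)", line):
            cur["group"] = int(m[1])
        elif m := re.search(r"ISAKMP: (?:auth )?(.*pre-share)$", line):
            cur["auth"] = m[1]
        elif "atts are not acceptable" in line:
            cur["rejected"] = True
    return transforms

if __name__ == "__main__":
    print(*parse_transforms(SAMPLE), sep="\n")
```

The posted debug output is cut off during transform 9, so the parser reports that transform's attributes without a rejection flag; it does not show whether the PIX went on to accept or reject it.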
 