Thanks for the help, YIZHAR, but I'm still unable to connect to the VPN.
Configuration as follows:
PIX Version 6.1(4)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
fixup protocol smtp 25
names
name 10.0.0.49 PixConsole1
name 10.0.0.101 MailSvr
name 10.0.0.99 WebSvr
access-list svrs_out permit tcp any host 111.111.111.226 eq www
access-list svrs_out permit tcp any host 111.111.111.227 eq smtp
access-list svrs_out permit udp any host 111.111.111.227 eq domain
access-list svrs_out permit tcp any host 111.111.111.227 eq 139
access-list svrs_out permit udp any host 111.111.111.227 eq netbios-ns
access-list svrs_out permit udp any host 111.111.111.227 eq netbios-dgm
access-list localtovpnclient permit ip 10.0.0.0 255.255.255.0 10.0.1.0 255.255.255.0
access-list nonatinside permit ip 10.0.0.0 255.255.255.0 10.0.1.0 255.255.255.0
pager lines 24
logging on
logging timestamp
logging trap debugging
logging host inside PixConsole1
interface ethernet0 10baset
interface ethernet1 10full
mtu outside 1500
mtu inside 1500
ip address outside 111.111.111.230 255.255.255.248
ip address inside 10.0.0.3 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool vpnclientpool 10.0.1.1-10.0.1.99
pdm location 0.0.0.0 255.255.255.0 inside
pdm location 10.0.0.49 255.255.255.255 inside
pdm location PixConsole1 255.255.255.255 inside
pdm location WebSvr 255.255.255.255 inside
pdm location MailSvr 255.255.255.255 inside
pdm logging debugging 100
pdm history enable
arp timeout 14400
global (outside) 1 111.111.111.228-111.111.111.229
global (outside) 1 interface
nat (inside) 0 access-list nonatinside
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 111.111.111.226 WebSvr netmask 255.255.255.255 0 0
static (inside,outside) 111.111.111.227 MailSvr netmask 255.255.255.255 0 0
access-group svrs_out in interface outside
route outside 0.0.0.0 0.0.0.0 111.111.111.225 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
http server enable
http PixConsole1 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
no sysopt route dnat
crypto ipsec transform-set mytransform esp-3des
crypto dynamic-map mydynmap 10 set transform-set mytransform
crypto map mymap 100 ipsec-isakmp dynamic mydynmap
crypto map mymap interface outside
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup tfdlvpn address-pool vpnclientpool
vpngroup tfdlvpn split-tunnel localtovpnclient
vpngroup tfdlvpn idle-time 1800
vpngroup tfdlvpn password ********
telnet PixConsole1 255.255.255.255 inside
telnet timeout 5
ssh timeout 5
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
terminal width 80
An attempt to VPN in to 111.111.111.230 gives this log on Cisco VPN 3.6:
1 16:01:04.820 10/24/02 Sev=Info/6 DIALER/0x63300002
Initiating connection.
2 16:01:04.830 10/24/02 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with 111.111.111.230.
3 16:01:05.181 10/24/02 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID, VID, VID, VID, VID) to 111.111.111.230
4 16:01:05.682 10/24/02 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
5 16:01:10.188 10/24/02 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 111.111.111.230
6 16:01:15.195 10/24/02 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 111.111.111.230
7 16:01:20.202 10/24/02 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 111.111.111.230
8 16:01:25.220 10/24/02 Sev=Warning/2 IKE/0xE300007C
Exceeded 3 IKE SA negotiation retransmits... peer is not responding
9 16:01:25.270 10/24/02 Sev=Warning/3 DIALER/0xE3300008
GI VPNStart callback failed "CM_PEER_NOT_RESPONDING" (16h).
10 16:01:26.291 10/24/02 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
What am I missing, or wrong about, here?
snrtech
'The more I know - the more I get wrong'
The more I know...the dumber I get.
snrtech
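A triage sketch for the client log in the post above, added here as an example and not part of the original post: it parses the two-line entry format shown and reports whether any IKE reply ever arrived, which separates "nothing came back from the peer" from "negotiation started and then failed". The function names and the `RECEIVING <<<` prefix for inbound packets are assumptions; the sample input is the log as posted.

```python
import re

# Sample input: the ten client log entries from the post above.
SAMPLE_LOG = """\
1 16:01:04.820 10/24/02 Sev=Info/6 DIALER/0x63300002
Initiating connection.
2 16:01:04.830 10/24/02 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with 111.111.111.230.
3 16:01:05.181 10/24/02 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID, VID, VID, VID, VID) to 111.111.111.230
4 16:01:05.682 10/24/02 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
5 16:01:10.188 10/24/02 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 111.111.111.230
6 16:01:15.195 10/24/02 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 111.111.111.230
7 16:01:20.202 10/24/02 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 111.111.111.230
8 16:01:25.220 10/24/02 Sev=Warning/2 IKE/0xE300007C
Exceeded 3 IKE SA negotiation retransmits... peer is not responding
9 16:01:25.270 10/24/02 Sev=Warning/3 DIALER/0xE3300008
GI VPNStart callback failed "CM_PEER_NOT_RESPONDING" (16h).
10 16:01:26.291 10/24/02 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
"""

HEADER = re.compile(
    r"^(\d+)\s+(\S+)\s+(\S+)\s+Sev=(\w+)/(\d+)\s+(\w+)/0x([0-9A-Fa-f]+)$")

def parse(log):
    """Pair each header line with the message text that follows it."""
    events = []
    for line in log.splitlines():
        m = HEADER.match(line.strip())
        if m:
            events.append(dict(seq=int(m[1]), sev=m[4], component=m[6], msg=""))
        elif events and line.strip():
            events[-1]["msg"] += line.strip()
    return events

def triage(events):
    """Count IKE packets sent and received and name the failure stage."""
    msgs = [e["msg"] for e in events if e["component"] == "IKE"]
    sent = sum(m.startswith("SENDING >>>") for m in msgs)
    retrans = sum("(Retransmission)" in m for m in msgs)
    received = sum(m.startswith("RECEIVING <<<") for m in msgs)  # assumed inbound prefix
    stage = "no-reply-to-first-ike-packet" if sent and not received else "peer-answered"
    return {"sent": sent, "retransmissions": retrans, "received": received, "stage": stage}
```

On the posted log this reports four packets sent, three of them retransmissions, and none received, so the client never saw an answer to its first aggressive-mode packet.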