I am having trouble getting my config correct for dial-up VPN clients to connect to a PIX 506E IOS 6.3. I am trying to use vpdn commands in the config. I have several IPSEC-ISAKMP tunnels already established from other PIX boxes in the organization, but I need to get our road warrior users connected to the PIX VPN network. I will post the truncated config below. Currently, when I try to connect via the Win2k VPN Client, I get an Error 678: No Answer message.
<<<Begin Config>>>
PIX Version 6.3(1)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
...
...
access-list 90 permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0
...
access-list acl_out permit tcp any host x.x.x.98 eq 3389
access-list acl_out permit icmp any any echo-reply
access-list acl_out permit icmp any any unreachable
access-list acl_out permit icmp any any echo
access-list acl_out permit gre any host x.x.x.106
access-list acl_out permit tcp any host x.x.x.106 eq pptp
access-list acl_out permit tcp any host x.x.x.107 eq www
access-list acl_out permit tcp any host x.x.x.107 eq https
access-list acl_out permit tcp any host x.x.x.107 eq ftp
access-list acl_out permit tcp any host x.x.x.107 eq ssh
access-list acl_out permit icmp any any time-exceeded
...
access-group acl_out in interface outside
...
ip local pool ippool 192.168.1.100-192.168.1.199
...
nat (inside) 0 access-list 90
...
sysopt connection permit-pptp
...
vpdn group DialInVpn accept dialin pptp
vpdn group DialInVpn ppp authentication pap
vpdn group DialInVpn ppp authentication chap
vpdn group DialInVpn ppp authentication mschap
vpdn group DialInVpn client configuration address local ippool
vpdn group DialInVpn pptp echo 60
vpdn group DialInVpn client authentication local
vpdn username test password test
vpdn enable outside
...
<<<end config>>>
Chris
Network Analyst
United Communications, Inc.