Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Pix 515e VPN Problem after IP change.

Status
Not open for further replies.
somascope

somascope

IS-IT--Management
Jun 4, 2006
7
US
Hi all,

The fix is probably simple. We switched ISPs and now my VPN is not working properly. The VPN is just between the Pix and remote users and is not a Pix to Pix VPN. All I did was change the ip address on the outside interface and changed the default gateway. Do I need to do something with the crypto when I change IPs? When I try to login with a VPN client I get the authentication prompt, but then after typing in the correct username and password I get a 412 error. I checked the client log and this is what I get.

Cisco Systems VPN Client Version 4.0.5 (B)
Copyright (C) 1998-2003 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 5.1.2600 Service Pack 2

1 14:15:52.304 06/04/06 Sev=Warning/2 IKE/0xA3000067
Received Unexpected InitialContact Notify (PLMgrNotify:888)

2 14:15:58.503 06/04/06 Sev=Warning/3ere IKE/0xA300004B
Received a NOTIFY message with an invalid protocol id (0)


Here is my Pix VPN config.

access-list CiscoUnityVpnClient_splitTunnelAcl permit ip x.x.x.x x.x.x
.x any
access-list inside_outbound_nat0_acl permit ip x.x.x.x x.x.x.x x.x.
x.x x.x.x.x
access-list inside_outbound_nat0_acl permit ip x.x.x.x x.x.x.x x.x.
x.x x.x.x.x
access-list outside_cryptomap_dyn_20 permit ip any x.x.x.x x.x.x.x
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map client authentication LOCAL
crypto map outside_map interface outside
isakmp enable outside
isakmp keepalive 20
isakmp nat-traversal 20
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash sha
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
vpngroup CiscoUnityVpnClient address-pool vpnclient
vpngroup CiscoUnityVpnClient dns-server x.x.x.x
vpngroup CiscoUnityVpnClient wins-server x.x.x.x
vpngroup CiscoUnityVpnClient default-domain nspeds.ad
vpngroup CiscoUnityVpnClient split-tunnel CiscoUnityVpnClient_splitTunnelAcl
vpngroup CiscoUnityVpnClient idle-time 1800
vpngroup CiscoUnityVpnClient password ********

Any help would be greatly appreciated. Thanks.
 
Status
Not open for further replies.

Similar threads

teknance
  • Locked
  • Question
Discovering Portugal: Uncover Hidden Destinations and VPN Solutions
Replies
5
Views
677
GlobeTrekkerGal
GlobeTrekkerGal
F
  • Locked
  • Solved
some IP Phone not working over site-to-site OpenVPN, packets modified on other side of tunnel
Replies
1
Views
2K
FrankSider12
F
sarahz2
  • Locked
  • Question
Best vpn safe and fast
Replies
4
Views
508
GlobeTrekkerGal
GlobeTrekkerGal
MP2023
  • Locked
  • Question
How to Create an site to site VPN
Replies
1
Views
465
sircles
sircles
ramblingrebel
  • Locked
  • Question
Built-in Windows 10 VPN
Replies
1
Views
417
Joon Smith
Joon Smith

Part and Inventory Search

Sponsor

Back
Top