Archived from groups: comp.dcom.sys.cisco,comp.dcom.vpn,comp.security.firewalls

 

I've inherited a pre-configured PIX 501 with VPN via PPTP already
set up. I can get a VPN connection from an outside client to connect
and build the tunnel perfectly. Once connected I cannot communicate
with anything on the LAN (ping, http, browsing, etc.).

It's not a resolution problem as I can't even ping by IP. Am I missing
something in my config?

Thanks for any help.

PIX Version 6.3(1)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname pixfirewall
domain-name ciscopix.com
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
names
name xxx.xxx.xxx.xxx TermServices
name 192.168.1.100 WindowsServer
name 192.168.1.41 UNIXServer
name 217.34.149.55 UNIXServerOutside
access-list inside_outbound_nat0_acl permit ip any 192.168.1.0 255.255.255.128
access-list inbound_acl permit tcp any host TermServices eq 7171
access-list inbound_acl permit tcp any host UnixServerOutside eq 5900
access-list inbound_acl permit tcp any host unixServerOutside eq 1338
access-list inbound_acl permit ip host xxx.xxx.xxx.xxx any
access-list outside_cryptomap_dyn_20 permit ip any 192.168.1.0 255.255.255.128
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 111.222.333.444 255.255.255.240
ip address inside 192.168.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool VPN 192.168.1.61-192.168.1.71
pdm location 192.168.1.0 255.255.255.128 outside
pdm location TermServices 255.255.255.255 outside
pdm location WindowsServer 255.255.255.255 inside
pdm location UNIXServer 255.255.255.255 inside
pdm location UNIXServerOutside 255.255.255.255 outside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
global (outside) 6 UNIXServerOutside
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp TermServices 7171 WindowsServer 3389 netmask 255.255.255.255 0 0
static (inside,outside) UNIXServerOutside UNIXServer netmask 255.255.255.255 0 0
access-group inbound_acl in interface outside
route outside 0.0.0.0 0.0.0.0 111.222.333.445 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
aaa authentication serial console LOCAL
aaa authentication enable console LOCAL
aaa authentication telnet console LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
sysopt connection permit-pptp
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
isakmp enable outside
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 5
ssh 212.93.67.2 255.255.255.255 outside
ssh timeout 5
console timeout 0
vpdn group PPTP-VPDN-GROUP accept dialin pptp
vpdn group PPTP-VPDN-GROUP ppp authentication mschap
vpdn group PPTP-VPDN-GROUP ppp encryption mppe auto
vpdn group PPTP-VPDN-GROUP client configuration address local VPN
vpdn group PPTP-VPDN-GROUP client configuration dns 213.120.62.98 213.120.62.100
vpdn group PPTP-VPDN-GROUP client configuration wins WindowsServer
vpdn group PPTP-VPDN-GROUP pptp echo 60
vpdn group PPTP-VPDN-GROUP client authentication local
vpdn username usera password *********
vpdn enable outside
dhcpd address 192.168.1.30-192.168.1.60 inside
dhcpd dns 213.120.62.98 213.120.62.100
dhcpd wins WindowsServer WindowsServer
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd enable inside
username pixadmin password M2eh6jTyVo1YeOhP encrypted privilege 15
vpnclient server UNIXServer
vpnclient mode client-mode
vpnclient vpngroup Support password ********
vpnclient username Support password ********
terminal width 80
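
An added example, not part of the original post: a Python check of three things worth confirming in a config like the one above when a PPTP tunnel comes up but passes no traffic, namely whether the client pool sits inside the inside interface's subnet, whether the `nat 0` ACL covers the whole pool, and whether `sysopt connection permit-pptp` is present. The function names and the trimmed sample config are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the PPTP-relevant lines of a PIX 6.x config shaped like
# the one posted above (wrapped lines joined).
SAMPLE_CONFIG = """\
ip address inside 192.168.1.1 255.255.255.0
ip local pool VPN 192.168.1.61-192.168.1.71
access-list inside_outbound_nat0_acl permit ip any 192.168.1.0 255.255.255.128
nat (inside) 0 access-list inside_outbound_nat0_acl
sysopt connection permit-pptp
vpdn group PPTP-VPDN-GROUP client configuration address local VPN
"""


def _find(pattern, config):
    """Return the capture groups of the first matching config line."""
    match = re.search(pattern, config, re.M)
    if match is None:
        raise ValueError(f"config line not found: {pattern}")
    return match.groups()


def check_pptp_pool(config):
    """Report how the PPTP client pool relates to the inside LAN and nat 0."""
    ip, mask = _find(r"^ip address inside (\S+) (\S+)", config)
    lan = ipaddress.ip_network(f"{ip}/{mask}", strict=False)

    (pool_name,) = _find(
        r"^vpdn group \S+ client configuration address local (\S+)", config)
    first, last = (ipaddress.ip_address(a) for a in _find(
        rf"^ip local pool {re.escape(pool_name)} ([\d.]+)-([\d.]+)", config))

    (acl,) = _find(r"^nat \(inside\) 0 access-list (\S+)", config)
    # Destination networks of the NAT-exemption ACL ("permit ip <src> <net> <mask>").
    exempt = [ipaddress.ip_network(f"{net}/{m}", strict=False)
              for net, m in re.findall(
                  rf"^access-list {re.escape(acl)} permit ip \S+ ([\d.]+) ([\d.]+)",
                  config, re.M)]
    return {
        # True means LAN hosts see VPN clients as on-link and ARP for them.
        "pool_inside_lan_subnet": first in lan or last in lan,
        # True means traffic from the LAN to the whole pool bypasses NAT.
        "pool_exempt_from_nat": any(first in n and last in n for n in exempt),
        "permit_pptp": re.search(
            r"^sysopt connection permit-pptp\s*$", config, re.M) is not None,
    }
```

For the lines taken from the posted config, all three values are true: the pool 192.168.1.61-192.168.1.71 lies inside the inside network 192.168.1.0/24 and is covered by the /25 destination in the `nat 0` ACL.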
