Comments are available to members only. Sign up or Log in to view these comments.
Main Topics
Browse All Topics
Loading Advertisement...
Question
Cisco Pix 501 VPN issues
Okay,
I have two sites that I need connected by a site to site vpn. One site we'll call A
has a cisco 1700 series. Site B has a cisco pix 501 connecting through a dsl
modem. With the configurations I currently have the vpn is established. However
I cannot ping from network to network, and in the cisco pix pdm only decrypting
packets come across, no encrypting or error packets come through.
Below are the configurations:
Cisco Pix 501 Site B
PIX Version 6.3(4)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname stonehedge
domain-name glv
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
name 172.16.100.0 GLV
access-list inside_outbound_nat0_acl permit ip any 172.16.101.0 255.255.255.0
access-list inside_outbound_nat0_acl permit ip 172.16.101.0 255.255.255.0 GLV 255.255.255.0
access-list inside_outbound_nat0_acl permit ip any 172.16.101.0 255.255.255.240
access-list outside_cryptomap_20 permit ip 172.16.101.0 255.255.255.0 GLV 255.255.255.0
access-list 10 permit icmp any any
access-list 10 permit tcp any any
access-list 10 permit udp any any
access-list 10 permit ip any any
pager lines 24
logging on
icmp permit any outside
icmp permit any inside
mtu outside 1500
mtu inside 1500
ip address outside 192.168.1.5 255.255.255.0
ip address inside 172.16.101.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool GLV 172.16.101.4-172.16.101.9
pdm location 172.16.101.4 255.255.255.255 inside
pdm location 172.16.101.10 255.255.255.255 inside
pdm location GLV 255.255.255.0 outside
pdm location 172.16.101.0 255.255.255.0 outside
pdm location 172.16.101.0 255.255.255.240 outside
pdm history enable
arp timeout 14400
global (outside) 10 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 10 0.0.0.0 0.0.0.0 0 0
access-group 10 in interface outside
route outside 0.0.0.0 0.0.0.0 192.168.1.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 172.16.101.4 255.255.255.255 inside
http 172.16.101.10 255.255.255.255 inside
http 172.16.101.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
sysopt connection permit-pptp
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set 3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set 3DES-SHA mode transport
crypto map outside_map 20 ipsec-isakmp
crypto map outside_map 20 match address outside_cryptomap_20
crypto map outside_map 20 set peer 66.xx.xx.10
crypto map outside_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map interface outside
isakmp enable outside
isakmp key ******** address 66.xx.xx.10 netmask 255.255.255.255 no-xauth no-config-mode
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash sha
isakmp policy 20 group 2
isakmp policy 20 lifetime 180
telnet 172.16.101.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
vpdn group PPTP-VPDN-GROUP accept dialin pptp
vpdn group PPTP-VPDN-GROUP ppp authentication pap
vpdn group PPTP-VPDN-GROUP ppp authentication chap
vpdn group PPTP-VPDN-GROUP ppp authentication mschap
vpdn group PPTP-VPDN-GROUP ppp encryption mppe auto
vpdn group PPTP-VPDN-GROUP client configuration address local GLV
vpdn group PPTP-VPDN-GROUP client configuration dns 172.16.101.1
vpdn group PPTP-VPDN-GROUP client configuration wins 172.16.101.1
vpdn group PPTP-VPDN-GROUP pptp echo 60
vpdn group PPTP-VPDN-GROUP client authentication local
vpdn username xx password *********
vpdn username xx password *********
vpdn enable outside
terminal width 80
Cryptochecksum:f5c5414af32
: end
Cisco 1700 Config
Current configuration : 3632 bytes
!
! Last configuration change at 21:41:06 UTC Mon Apr 25 2005 by poamann
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname GullLakeView
!
boot system flash:c1700-k9o3sy7-mz.122
logging queue-limit 100
logging buffered 51200 debugging
enable secret 5 $1$Kyj5$T2uWkmzM1aNldA3a1P
!
username xxx privilege 15 secret 5 $1$IOYs$PYkN0Yn209RXQtsprU
ip subnet-zero
!
!
ip name-server 216.165.xxx.157
ip name-server 134.215.xxx.126
!
ip audit notify log
ip audit po max-events 100
!
!
!
!
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
crypto isakmp key ******* address 69.xxx.xxx.214
!
!
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel to Stonehedge
set peer 69.xxx.xxx.214
set transform-set ESP-3DES-SHA1
match address 101
!
!
!
!
interface Ethernet0
description $ETH-WAN$
ip address 66.xx.xx.10 255.255.255.252
ip access-group internet_input_filter in
no ip redirects
no ip unreachables
ip nat outside
half-duplex
crypto map SDM_CMAP_1
!
interface FastEthernet0
ip address 172.16.100.1 255.255.255.0
ip access-group generic_input_filter in
no ip redirects
no ip unreachables
ip nat inside
speed auto
!
interface Virtual-Template1
no ip address
!
ip nat inside source route-map SDM_RMAP_1 interface Ethernet0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 66.xx.xx.9
no ip http server
ip http authentication local
ip http secure-server
!
!
!
ip access-list extended anti_spoof_out
permit ip 172.16.100.0 0.0.0.255 any
deny ip any any
ip access-list extended generic_input_filter
deny udp any eq 0 any eq 0
deny 255 any any
permit ip host 0.0.0.0 any
permit ip host 255.255.255.255 any
permit ip 172.16.100.0 0.0.0.255 any
deny ip any any
ip access-list extended internet_input_filter
remark SDM_ACL Category=17
permit udp any host 66.xx.xx.10 eq non500-isakmp
permit udp any host 66.xx.xx.10 eq isakmp
permit esp any host 66.xx.xx.10
permit ahp any host 66.xx.xx.10
permit gre any host 66.xx.xx.10
deny udp any eq 0 any eq 0
deny 255 any any
deny ip 127.0.0.0 0.255.255.255 any
deny ip 224.0.0.0 0.15.255.255 any
permit ip any any
!
logging trap debugging
access-list 98 permit any
access-list 99 permit 172.16.100.0 0.0.0.255
access-list 99 permit 172.16.101.0 0.0.0.255
access-list 99 deny any
access-list 100 remark SDM_ACL Catergory=18
access-list 100 remark IPSec Rule
access-list 100 deny ip 172.16.100.0 0.0.0.255 172.16.101.0 0.0.0.255
access-list 100 permit ip 172.16.100.0 0.0.0.255 any
access-list 101 remark SDM_ACL Catergory=4
access-list 101 remark IPSec Rule
access-list 101 permit ip 172.16.100.0 0.0.0.255 172.16.101.0 0.0.0.255
access-list 110 remark SDM_ACL Catergory=16
access-list 110 permit ip 172.16.100.0 0.0.0.255 172.16.101.0 0.0.0.255
access-list 111 permit ip 172.16.100.0 0.0.0.255 172.16.101.0 0.0.0.255
!
route-map SDM_RMAP_1 permit 1
match ip address 100
!
!
line con 0
speed 115200
line aux 0
line vty 0 4
access-class 99 in
password 7 12140A19160A15
login local
transport input telnet ssh
line vty 5 15
access-class 99 in
password 7 151F0402002B32
login local
transport input telnet ssh
!
ntp clock-period 17179955
ntp peer 192.43.244.18
ntp peer 18.145.0.30
ntp peer 192.5.41.214
end
Thanks for the help!!
Steve
This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.
Subscribe now for full access to Experts Exchange and get
Instant Access to this Solution
- Plus...
- 30 Day FREE access, no risk, no obligation
- Collaborate with the world's top tech experts
- Unlimited access to our exclusive solution database
- Never be left without tech help again
Trusted by hundreds of thousands everyday for fast, accurate and reliable tech support.
- "The time we save is the biggest benefit of Experts Exchange to Warner Bros. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange." Mike Kapnisakis, Warner Bros.
- "Our team likes having a resource that is more secure than just using Google and most experts using this service really know their stuff. It's nice to look here first versus using Google." Dayna Sellner, Lockheed Martin
- "Anytime that I've been stumped with a problem, 9 out of 10 times Experts Exchange has either the accepted solution or an open discussion of the potential solution to the problem." Kenny Red, eBay Inc.
See what Experts Exchange can do for you.
Got a question?
We've got the answer.
Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.
Need individual assistance?
Our experts are ready to help.
If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.
Want to learn from the best?
Read articles from industry experts.
Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.
Working on a long term project?
Store your work and research.
Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.
Access the answers to your technology questions today.
30-day free trial. Register in 60 seconds.
What Makes Experts Exchange Unique?
Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.
Trusted by the world's most respected brands.
Faithfully serving IT professionals since 1996.
Try it out and discover for yourself.
30-day free trial. Register in 60 seconds.
Free Tech Articles
-
WARNING: 5 Reasons why you should NEVER fix a computer for free.
It is in our nature to love the puzzle. We are obsessed. The lot of us. We love puzzles. We love the challenge. We thrive on finding the answer. We hate disarray. It bothers us deep in our soul. W...
-
SCCM OSD Basic troubleshooting
SCCM 2007 OSD is a fantastic way to deploy operating systems, however, like most things SCCM issues can sometimes be difficult to resolve due to the sheer volume of logs to sift through and the dispe...
-
Migrate Small Business Server 2003 to Exchange 2010 and Windows 2008 R2
This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Windows 2008 R2 with Exchange 2010. For this migration to work you will need the fo...
-
Create a Win7 Gadget
This article shows you how to create a simple "Gadget" -- a sort of mini-application supported by Windows 7 and Vista. Gadgets can be dropped anywhere on the desktop to provide instant information, ...
-
Outlook continually prompting for username and password
There have been a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007. There are a few reasons why this would happen and I will try to cover t...
-
Backup Exchange 2010 Information Store using Windows Backup
There seems to be quite a lot of confusion around the ability to backup Exchange 2010 using the built in Windows Backup feature. This stems from the omission of this feature prior to Exchange 2007 s...
Cloud Class Webinars
- Avoiding Bugs in Microsoft Access
Alison Balter takes and in-depth look at avoiding bugs in Access. In this webinar you will learn about using the immediate window to debug your applications, invoking the debugger, using breakpoints to troubleshoot, stepping through code, setting the next statement to execute, ...
- Top 10 Best New Features in Visio 2010
Scott Helmers gives live demonstrations of the top 10 new features in Visio 2010. This webinar will teach you how to create compelling diagrams by adding shapes to the page with a single click, linking the shapes in a diagram to data in Excel (or SQL Server, or SharePoint), ...
- IT Consultant Business Secrets Revealed
Michael Munger, Experts Exchange tech pro and IT consultant, pulls back the curtain on his very successful businesses and answers question on every IT consultant and business owner should know about. He shares secrets on what he did to solve the 5 most common problems in IT, ...
- Disaster Recovery and Business Continuity
Quest CTO, Mike Billon, gives an overview of the steps involved in building a dunamic disaster recovery plan. Through case studies and an examination of software/hardware tooles for monitoring and testing, you'll gain a better understandin of where you are, where you want ...
- Organize Your Visio Diagrams with Containers and Lists
Scott Helmers uses cross functional flowcharts, wireframe diagrams, data graphic legends and seating charts to teach you: how to ustilize all three new structured diagram components in Visio 2010, the best practices for organizeing shapes in previous version of Visio, how to organize ...
- How to Us Objects, Properties, Events and Methods in Microsoft Access
Alison Dalter gives an in-depbth look at objects, properties, events and methods in Microsoft Access. In this webinar you will learn about using the object browser, referring to objects, working with properties and methods, working with object variables, understanding the ...
Join the Community
Give a Little. Get a Lot.
Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.
Answers
3 Ways to Join
Business Accounts
- Perfect for organizations
- Multiple users
- Save over 36%
- Create a Business Account
Answer for Membership
- Earn free access
- Showcase your knowledge
- No credit card required
- Sign Up to Answer
Loading Advertisement...
by: pazmanproPosted on 2005-04-25 at 19:12:48ID: 13863605
Comments are available to members only. Sign up or Log in to view these comments.