03.06.2008 at 04:30PM PST, ID: 23221655
PIX 515E VPN client connection problems

Tags: VPN, PIX, 515E, CISCO, VPN Client
I have a PIX 515E and am trying to connect via VPN using VPN client version 5.xxx and running Vista.  I can connect, but once I get in, I can't ping any servers by IP, and when I ping by name it resolves to a weird IP that has nothing to do with us.  Please take a look at my config and let me know if there is something I did incorrectly...

Thanks in advance!

PIX Version 6.3(1)
interface ethernet0 10full
interface ethernet1 100full
interface ethernet2 auto shutdown
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 intf2 security10
enable password HYbXdsfsakv7w encrypted
passwd 8VEVNagasteecI7Bz encrypted
hostname PIX
domain-name mydomain.net
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
no names
access-list firmout permit icmp any any echo-reply
access-list firmout permit gre any any
access-list firmout permit tcp any host 1.1.1.1 eq 6502
access-list firmout permit udp any host 1.1.1.1 eq 6502
access-list firmout permit tcp any host 1.1.1.1 eq smtp
access-list firmout permit tcp any host 1.1.1.1 eq pop3
access-list firmout permit tcp any host 1.1.1.1 eq pptp
access-list firmout permit tcp any any eq www
access-list firmout permit tcp any any eq https
access-list firmout permit tcp any any eq smtp
access-list firmout permit tcp any host 1.1.1.1 eq 5900
access-list firmout permit tcp any host 1.1.1.1 eq 5900
access-list firmout permit tcp any any eq 6112
access-list firmout permit tcp any host 1.1.1.1 eq smtp
access-list firmout permit tcp any host 1.1.1.1 eq pop3
access-list firmout permit tcp any host 1.1.1.1 eq ftp
access-list firmout permit tcp any host 1.1.1.1 eq ftp-data
access-list firmout permit tcp any host 1.1.1.1 eq www
access-list firmout permit tcp any host 1.1.1.1 eq www
access-list firmout permit udp any host 1.1.1.1 eq 1200
access-list firmout permit tcp any host 1.1.1.1 eq 3389
access-list firmout permit tcp any host 1.1.1.1 eq ftp
access-list firmout permit tcp any any eq ssh
access-list 100 permit ip 192.168.0.0 255.255.0.0 172.16.1.0 255.255.255.0
access-list vpn_split_tunnel permit 192.168.0.0 255.255.0.0
pager lines 24
logging console debugging
logging buffered debugging
icmp permit any outside
mtu outside 1500
mtu inside 1500
mtu intf2 1500
ip address outside 1.1.1.1 255.255.255.224
ip address inside 192.168.1.1 255.255.255.0
ip address intf2 127.0.0.1 255.255.255.255
ip audit info action alarm
ip audit attack action alarm
ip local pool vpn_pool 172.16.1.2-172.16.1.255
pdm location 192.168.0.0 255.255.255.0 inside
pdm location 192.168.1.0 255.255.255.255 inside
pdm location 192.168.1.9 255.255.255.255 inside
pdm location 192.168.1.51 255.255.255.255 inside
pdm location 192.168.1.88 255.255.255.255 inside
pdm location 192.168.1.108 255.255.255.255 inside
pdm location 192.168.1.124 255.255.255.255 inside
pdm location 192.168.1.157 255.255.255.255 inside
pdm location 192.168.1.185 255.255.255.255 inside
pdm location 192.168.1.195 255.255.255.255 inside
pdm location 192.168.1.206 255.255.255.255 inside
pdm location 192.168.7.0 255.255.255.0 inside
pdm location 192.168.50.46 255.255.255.255 inside
pdm location 192.168.50.48 255.255.255.255 inside
pdm location 192.168.50.200 255.255.255.255 inside
pdm location 192.168.50.0 255.255.255.0 inside
pdm location 192.168.51.0 255.255.255.0 inside
pdm location 192.168.52.0 255.255.255.0 inside
pdm history enable
arp timeout 14400
global (outside) 1 interface
global (outside) 2 1.1.1.1
nat (inside) 0 access-list 100
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 1.1.1.1 192.168.1.157 netmask 255.255.255.255 0 0
static (inside,outside) 1.1.1.1 192.168.50.46 netmask 255.255.255.255 0 0
static (inside,outside) 1.1.1.1 192.168.50.48 netmask 255.255.255.255 0 0
static (inside,outside) 1.1.1.1 192.168.1.185 netmask 255.255.255.255 0 0
static (inside,outside) 1.1.1.1 192.168.1.195 netmask 255.255.255.255 0 0
static (inside,outside) 1.1.1.1 192.168.1.124 netmask 255.255.255.255 0 0
static (inside,outside) 1.1.1.1 192.168.1.51 netmask 255.255.255.255 0 0
access-group firmout in interface outside
route outside 0.0.0.0 0.0.0.0 1.1.1.1 1
route inside 192.168.0.0 255.255.255.0 192.168.1.6 1
route inside 192.168.7.0 255.255.255.0 192.168.1.6 1
route inside 192.168.50.0 255.255.255.0 192.168.1.6 1
route inside 192.168.51.0 255.255.255.0 192.168.1.6 1
route inside 192.168.52.0 255.255.255.0 192.168.1.6 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
tftp-server inside 192.168.1.74 pixbackup.cfg
no floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-DES-MD5
crypto map outside_map 20 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
isakmp enable outside
isakmp nat-traversal 20
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption des
isakmp policy 1 hash md5
isakmp policy 1 group 1
isakmp policy 1 lifetime 1000
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
vpngroup ITGroup address-pool vpn_pool
vpngroup ITGroup dns-server 192.168.1.70
vpngroup ITGroup wins-server 192.168.1.70
vpngroup ITGroup default-domain mydomain.net
vpngroup ITGroup split-tunnel vpn_split_tunnel
vpngroup ITGroup idle-time 1800
vpngroup ITGroup password ********
telnet timeout 5
ssh timeout 5
console timeout 0
Question Stats
Zone: Software
Question Asked By: Undisputed
Solution Provided By: Undisputed
Participating Experts: 3
Solution Grade: B
Views: 47
 
03.06.2008 at 05:23PM PST, ID: 21066438

Rank: Wizard

I know that these have been changed for security reasons, but are the 1.1.1.1 addresses really all the same IP address in your real configuration?

static (inside,outside) 1.1.1.1 192.168.1.157 netmask 255.255.255.255 0 0
static (inside,outside) 1.1.1.1 192.168.50.46 netmask 255.255.255.255 0 0
static (inside,outside) 1.1.1.1 192.168.50.48 netmask 255.255.255.255 0 0
static (inside,outside) 1.1.1.1 192.168.1.185 netmask 255.255.255.255 0 0
static (inside,outside) 1.1.1.1 192.168.1.195 netmask 255.255.255.255 0 0
static (inside,outside) 1.1.1.1 192.168.1.124 netmask 255.255.255.255 0 0
static (inside,outside) 1.1.1.1 192.168.1.51 netmask 255.255.255.255 0 0

This shouldn't work correctly if this is true.  You would need to implement the port redirection syntax of the "static" command in order to reuse the same public IP addresses going to multiple inside hosts.

Also, you're running a really old, i.e. really buggy, version of code.  I would upgrade your PIX code to version 6.3(5) at your earliest opportunity.  It may even fix this issue.

Download the new PIX code (should be named pix635.bin), put it on a TFTP server, then issue this command from the PIX:

copy tftp://<TFTP_server_IP>/pix635.bin flash:image

Then reload the PIX with the "reload" command.
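
The overlap raised in the comment above can be checked mechanically. The following is an added example, not part of the original thread: it parses PIX 6.x "static" lines and reports any outside address claimed by more than one inside host. The first sample is the asker's sanitized statics as posted; the port-redirection sample and its port-to-host assignments are constructed for illustration.

```python
import re
from collections import defaultdict, namedtuple

Static = namedtuple("Static", "mapped_if global_ip proto gport local_ip lport")

# PIX 6.x forms handled:
#   static (real_if,mapped_if) <global_ip> <local_ip> netmask <mask> ...
#   static (real_if,mapped_if) tcp|udp <global_ip|interface> <gport> <local_ip> <lport> netmask <mask> ...
STATIC_RE = re.compile(
    r"^static\s+\((?P<real>\S+),(?P<mapped>\S+)\)\s+"
    r"(?:(?P<proto>tcp|udp)\s+(?P<pglobal>\S+)\s+(?P<gport>\S+)"
    r"\s+(?P<plocal>\S+)\s+(?P<lport>\S+)"
    r"|(?P<global>\S+)\s+(?P<local>\S+))"
    r"\s+netmask\s+\S+"
)

def parse_statics(config_text):
    """Return a Static tuple for every 'static' line found in a PIX config."""
    statics = []
    for line in config_text.splitlines():
        m = STATIC_RE.match(line.strip())
        if not m:
            continue
        if m.group("proto"):  # port redirection form
            statics.append(Static(m.group("mapped"), m.group("pglobal"),
                                  m.group("proto"), m.group("gport"),
                                  m.group("plocal"), m.group("lport")))
        else:                 # one-to-one form
            statics.append(Static(m.group("mapped"), m.group("global"),
                                  None, None, m.group("local"), None))
    return statics

def find_conflicts(statics):
    """Report outside addresses (or address/port pairs) mapped to several hosts.

    Port names and numbers are compared as written (www and 80 are not merged).
    """
    by_global = defaultdict(list)
    for s in statics:
        by_global[(s.mapped_if, s.global_ip)].append(s)

    conflicts = []
    for (_mapped_if, global_ip), group in sorted(by_global.items()):
        whole = [s for s in group if s.proto is None]
        ports = [s for s in group if s.proto is not None]
        if len(whole) > 1:
            conflicts.append(("duplicate-one-to-one", global_ip,
                              [s.local_ip for s in whole]))
        if whole and ports:
            # A one-to-one static claims every port on that address.
            conflicts.append(("one-to-one-overlaps-port", global_ip,
                              [s.local_ip for s in whole + ports]))
        by_port = defaultdict(list)
        for s in ports:
            by_port[(s.proto, s.gport)].append(s.local_ip)
        for (proto, gport), hosts in sorted(by_port.items()):
            if len(hosts) > 1:
                conflicts.append((f"duplicate-{proto}-{gport}", global_ip, hosts))
    return conflicts

# The statics from the first posted config, with the address as sanitized there.
PAGE_STATICS = """\
static (inside,outside) 1.1.1.1 192.168.1.157 netmask 255.255.255.255 0 0
static (inside,outside) 1.1.1.1 192.168.50.46 netmask 255.255.255.255 0 0
static (inside,outside) 1.1.1.1 192.168.50.48 netmask 255.255.255.255 0 0
static (inside,outside) 1.1.1.1 192.168.1.185 netmask 255.255.255.255 0 0
static (inside,outside) 1.1.1.1 192.168.1.195 netmask 255.255.255.255 0 0
static (inside,outside) 1.1.1.1 192.168.1.124 netmask 255.255.255.255 0 0
static (inside,outside) 1.1.1.1 192.168.1.51 netmask 255.255.255.255 0 0
"""

# Constructed sample: the same public address shared through port redirection.
# Which service lives on which host is an assumption made for this example.
PORT_REDIRECT_SAMPLE = """\
static (inside,outside) tcp 1.1.1.1 smtp 192.168.1.157 smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp 1.1.1.1 www 192.168.50.46 www netmask 255.255.255.255 0 0
static (inside,outside) tcp 1.1.1.1 3389 192.168.1.185 3389 netmask 255.255.255.255 0 0
"""

if __name__ == "__main__":
    for name, text in (("posted", PAGE_STATICS), ("port redirect", PORT_REDIRECT_SAMPLE)):
        found = find_conflicts(parse_statics(text))
        print(name, "->", found if found else "no overlapping statics")
```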
 
03.06.2008 at 05:31PM PST, ID: 21066503
Those are all different IP addresses, but I was too lazy to change all of them.

I was wondering if that's what I should do also... so basically my commands look good right?
 
03.06.2008 at 05:45PM PST, ID: 21066548

Rank: Wizard

For the most part, yes.  There is one command that I would change, but it shouldn't have anything to do with your issue.  The command:

crypto map outside_map 20 ipsec-isakmp dynamic outside_dyn_map

has a very low ID number that will potentially conflict with any future L2L crypto map entries.  I would change it to have the ID number of 65535.  Here are the commands to remove the current entry, put in the new one and reapply the map to the outside interface.  Again, I don't expect this to fix your issue, but I would put it in anyway.

no crypto map outside_map 20
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside

I would seriously consider not troubleshooting this too much until you upgrade your code.  A lot has changed since 6.3(1)....:)
 
03.06.2008 at 06:05PM PST, ID: 21066680
I tried that as well batry boy, but I will change it back to that.  I will also upgrade my code.  It should just upgrade without having to change anything, right? Just a reboot?
 
03.06.2008 at 06:12PM PST, ID: 21066713

Rank: Wizard

That's right.
 
03.07.2008 at 01:33AM PST, ID: 21068533
Ok I upgraded my pix software to 6.3(5) and it is still acting the same way.

I even tried with isakmp nat-traversal 20 removed and still nothing.

 
03.07.2008 at 04:32AM PST, ID: 21069335

Rank: Wizard

Repost the upgraded config and I'll have a look.
 
03.07.2008 at 09:38AM PST, ID: 21072501
PIX Version 6.3(5)
interface ethernet0 10full
interface ethernet1 100full
interface ethernet2 auto shutdown
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 intf2 security10
enable password HYbXwD6Esfasfda encrypted
passwd 8VsdafqrzB9cI7Bz encrypted
hostname PIX
domain-name mydomain.net
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
no names
access-list firmout permit icmp any any echo-reply
access-list firmout permit gre any any
access-list firmout permit tcp any host x.x.x.x eq 6502
access-list firmout permit udp any host x.x.x.x eq 6502
access-list firmout permit tcp any host x.x.x.x eq smtp
access-list firmout permit tcp any host x.x.x.x eq pop3
access-list firmout permit tcp any host x.x.x.x eq pptp
access-list firmout permit tcp any any eq www
access-list firmout permit tcp any any eq https
access-list firmout permit tcp any any eq smtp
access-list firmout permit tcp any host x.x.x.x eq 5900
access-list firmout permit tcp any host x.x.x.x eq 5900
access-list firmout permit tcp any any eq 6112
access-list firmout permit tcp any host x.x.x.x eq smtp
access-list firmout permit tcp any host x.x.x.x eq pop3
access-list firmout permit tcp any host x.x.x.x eq ftp
access-list firmout permit tcp any host x.x.x.x eq ftp-data
access-list firmout permit tcp any host x.x.x.x eq www
access-list firmout permit tcp any host x.x.x.x eq www
access-list firmout permit udp any host x.x.x.x eq 1200
access-list firmout permit tcp any any eq ssh
access-list 100 permit ip 192.168.0.0 255.255.0.0 172.16.1.0 255.255.255.0
access-list vpn_split_tunnel permit 192.168.0.0 255.255.0.0
pager lines 24
logging console debugging
logging buffered debugging
icmp permit any outside
mtu outside 1500
mtu inside 1500
mtu intf2 1500
ip address outside 1.1.1.1 255.255.255.224
ip address inside 192.168.1.1 255.255.255.0
ip address intf2 127.0.0.1 255.255.255.255
ip audit info action alarm
ip audit attack action alarm
ip local pool vpn_pool 172.16.1.2-172.16.1.255
pdm location 192.168.0.0 255.255.255.0 inside
pdm location 192.168.1.0 255.255.255.255 inside
pdm location 192.168.1.9 255.255.255.255 inside
pdm location 192.168.1.51 255.255.255.255 inside
pdm location 192.168.1.88 255.255.255.255 inside
pdm location 192.168.1.108 255.255.255.255 inside
pdm location 192.168.1.124 255.255.255.255 inside
pdm location 192.168.1.157 255.255.255.255 inside
pdm location 192.168.1.185 255.255.255.255 inside
pdm location 192.168.1.195 255.255.255.255 inside
pdm location 192.168.1.206 255.255.255.255 inside
pdm location 192.168.7.0 255.255.255.0 inside
pdm location 192.168.50.46 255.255.255.255 inside
pdm location 192.168.50.48 255.255.255.255 inside
pdm location 192.168.50.200 255.255.255.255 inside
pdm location 192.168.50.0 255.255.255.0 inside
pdm location 192.168.51.0 255.255.255.0 inside
pdm location 192.168.52.0 255.255.255.0 inside
pdm location 192.168.1.104 255.255.255.255 inside
pdm location 192.168.1.76 255.255.255.255 inside

pdm history enable
arp timeout 14400
global (outside) 1 interface
global (outside) 2 1.1.1.1
nat (inside) 0 access-list 100
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 1.1.1.2 192.168.1.157 netmask 255.255.255.255 0 0
static (inside,outside) 1.1.1.3 192.168.50.46 netmask 255.255.255.255 0 0
static (inside,outside) 1.1.1.4 192.168.50.48 netmask 255.255.255.255 0 0
static (inside,outside) 1.1.1.5 192.168.1.185 netmask 255.255.255.255 0 0
static (inside,outside) 1.1.1.6 192.168.1.195 netmask 255.255.255.255 0 0
static (inside,outside) 1.1.1.7 192.168.1.124 netmask 255.255.255.255 0 0
static (inside,outside) 1.1.1.8 192.168.1.51 netmask 255.255.255.255 0 0
static (inside,outside) 1.1.1.9 192.168.50.200 netmask 255.255.255.255 0 0
static (inside,outside) 1.1.1.10 192.168.1.206 netmask 255.255.255.255 0 0
static (inside,outside) 1.1.1.11 192.168.1.85 netmask 255.255.255.255 0 0
static (inside,outside) 1.1.1.12 192.168.1.77 netmask 255.255.255.255 0 0
static (inside,outside) 1.1.1.13 192.168.1.76 netmask 255.255.255.255 0 0
access-group firmout in interface outside
route outside 0.0.0.0 0.0.0.0 1.1.1.100 1
route outside 1.1.1.1 255.255.255.255 1.1.1.100 1
route inside 192.168.0.0 255.255.255.0 192.168.1.6 1
route inside 192.168.7.0 255.255.255.0 192.168.1.6 1
route inside 192.168.50.0 255.255.255.0 192.168.1.6 1
route inside 192.168.51.0 255.255.255.0 192.168.1.6 1
route inside 192.168.52.0 255.255.255.0 192.168.1.6 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
tftp-server inside 192.168.1.162 \TFTP-Root\
no floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
isakmp enable outside
isakmp nat-traversal 20
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption des
isakmp policy 1 hash md5
isakmp policy 1 group 1
isakmp policy 1 lifetime 1000
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
vpngroup ITGroup address-pool vpn_pool
vpngroup ITGroup dns-server 192.168.1.70
vpngroup ITGroup wins-server 192.168.1.70
vpngroup ITGroup default-domain mydomain.net
vpngroup ITGroup split-tunnel vpn_split_tunnel
vpngroup ITGroup idle-time 1800
vpngroup ITGroup password ********
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh 171.68.225.212 255.255.255.255 outside
ssh 192.168.1.0 255.255.255.0 inside
ssh 172.16.1.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
username name password HYbXwD6EYilokv7w encrypted privilege 15
terminal width 80
 
03.07.2008 at 09:59AM PST, ID: 21072693

Rank: Wizard

What do the traffic statistics look like when you are trying to ping?  You can find these out by right-clicking the yellow padlock in the system tray, selecting "Statistics" and then looking at the bytes sent and received, and the packets encrypted and decrypted.  See screenshot below.
 
[Screenshot: VPN client stats]
 
 
03.07.2008 at 10:14AM PST, ID: 21072821
encrypted 13
decrypted 0
discarded 26
bypassed 205

When I ping, the only one that increases is the bypassed.

Here's what I have come up with so far.  I just tested it on an XP Pro machine and it works there.  I'm testing it on a Vista laptop and this is where it is not working.  I tested it using a wireless connection from home and an aircard while at work with the same results.
I have a Lenovo T61 if that helps...
 
03.07.2008 at 10:19AM PST, ID: 21072863

Rank: Wizard

If it works in XP and not in Vista, then this is probably going to boil down to a Vista VPN client issue.  I used Vista for about 6 months and took it off in disgust and went back to XP.  Numerous issues with VPN connectivity, driver issues, and other assorted application issues.

I think about the only thing I can tell you at this point is to make sure you are using the latest Vista VPN client.  I think the latest version is 5.0.02.0090.  There is a BETA version of 5.0.03.0300 as well...
 
03.07.2008 at 10:36AM PST, ID: 21073027
I've been using the beta and even tried the earliest with no luck!  This is horrible.  I'm able to get into my friend's VPN but his code is version 8.03
 
03.07.2008 at 10:38AM PST, ID: 21073048

Rank: Wizard

Bummer...sounds like you're experiencing one of the reasons I threw Vista in the trash...
 
03.16.2008 at 08:08PM PDT, ID: 21139617
Well, I migrated over to the ASA5510, so I gave up on the PIX.
 
03.16.2008 at 11:33PM PDT, ID: 21140140
Actually, I found a workaround because I'm having the same issues with the ASA5510.  It is not really a great workaround, but it will get the job done if you are in a pinch and if you are on Vista.

Connect to your vpn using the client and once connected go to the cisco systems vpn adapter properties.
Next go to the TCP/IP Properties and then specify your internal DNS server in the section provided.
This will force you to use that DNS server and should resolve the names for your internal hosts/servers.
Accepted Solution
 
03.18.2008 at 10:56PM PDT, ID: 21158817
New Feature Alert! Please do not make any post of any kind after a Closing or Delete request has been started by the asker unless you have a specific objection. Any post by anyone -- including the Asker -- after the request is made will stop the automated process and force the manual intervention of a Moderator/Admin. So post your comment BEFORE clicking the Delete or Accept And Award Points buttons.

A request (http://www.experts-exchange.com/Q_23246275.html) has been made in Community Support to close this question. If there are no objections, a moderator will finalize this question in approximately 4 days as follows:

PAQ with refund using {http:#a21140140}

Please leave any comments here.

Netminder
Site Admin
 
 
03.23.2008 at 10:05AM PDT, ID: 21190079
Closed, 500 points refunded.
Netminder
Site Admin
 
 
03.27.2008 at 02:54PM PDT, ID: 21226156
 
 
03.27.2008 at 11:07PM PDT, ID: 21228325
This had nothing to do with PPTP
 
 
 