I am trying to set up a connection between the Cisco VPN client and a PIX 515E firewall. I have already successfully set up one using the same client machine to a PIX 501 running 6.3. I started with the VPN configuration from that machine and worked my way backwards to supported encryption standards, etc.
I don't have easy access to the client machine or the ability to attempt a VPN connection, so it's been difficult to troubleshoot.
Here are the pertinent sections of the PIX 515 configuration. IP addresses have been changed for privacy.
PIX Version 6.1(3)
...
access-list 102 permit ip 10.5.5.0 255.255.255.0 10.5.6.0 255.255.255.240
...
ip address outside A.B.C.125 255.255.255.192
ip address inside 10.5.5.190 255.255.255.0
...
ip local pool vpnpool 10.5.6.1-10.5.6.15
...
global (outside) 1 A.B.C.115-65.169.203.119 netmask A.B.C.192
global (outside) 1 A.B.C.114
nat (inside) 0 access-list 102
...
sysopt connection permit-ipsec
no sysopt route dnat
crypto ipsec transform-set trmset1 esp-des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set trmset1
crypto map mymap 10 ipsec-isakmp dynamic dynmap
crypto map mymap interface outside
isakmp enable outside
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup blah address-pool vpnpool
vpngroup blah dns-server 10.5.5.136 10.5.5.134
vpngroup blah default-domain blah.net
vpngroup blah split-tunnel 102
vpngroup blah idle-time 1800
vpngroup blah password ********
VPN Client connection attempts are to A.B.C.125.
All other aspects of the firewall work fine. As I said above, the same client machine is able to connect to a PIX 501 without any problems.
I debugged the connection attempt and the Phase 1 portion never succeeded.
Also, the 515 firewall is behind a Cisco router, but I do not have any type of access to that.
Thanks for the input.
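An added example, not part of the original post: a small Python script that pulls the Phase 1 (ISAKMP) policy out of a PIX configuration and compares it with a second device's policy, which is the comparison the post describes doing by hand. The first sample is copied from the configuration above; the second is constructed for illustration and is not the poster's PIX 501 configuration.

```python
import re

# Lines copied from the PIX 515E configuration in the post.
PIX515 = """\
isakmp enable outside
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
"""

# Constructed reference config (NOT the poster's PIX 501; values are assumptions).
REFERENCE = """\
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash sha
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
"""

POLICY_RE = re.compile(r"^\s*isakmp policy (\d+) (\S+) (\S+)\s*$")
# Attributes compared below; lifetime is parsed but not compared (a simplification).
NEGOTIATED = ("authentication", "encryption", "hash", "group")

def parse_policies(config):
    """Return {priority: {attribute: value}} from 'isakmp policy' lines."""
    policies = {}
    for line in config.splitlines():
        m = POLICY_RE.match(line)
        if m:
            prio, attr, value = m.groups()
            policies.setdefault(int(prio), {})[attr] = value
    return policies

def proposals(config):
    """Phase 1 proposals as tuples; a missing attribute shows as None (device default)."""
    return {tuple(p.get(a) for a in NEGOTIATED)
            for p in parse_policies(config).values()}

def compare(cfg_a, cfg_b):
    """Split proposals into those both configs share and those unique to each."""
    a, b = proposals(cfg_a), proposals(cfg_b)
    return {"common": a & b, "only_a": a - b, "only_b": b - a}

if __name__ == "__main__":
    for key, props in compare(PIX515, REFERENCE).items():
        print(key, sorted(props))
```

The policy priority number is only a local ordering, so the comparison ignores it and matches on the attribute values.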