Is there a basic setup using the VPN wizard for the Cisco pix 506e

Posted on 2005-04-07
Last Modified: 2013-11-16
This works but then read what I put at the end. Thanks

Stepping through the Wizard:
  Select type: Remote Access VPN
   Select interface: outside
 * Cisco VPN client
  Group Name:  MYVPNGROUP
  * Pre shared key
  Enable Extended Client Authentication  <== uncheck this box
  nothing is checked on this page
 Pool name:  MYVPNPOOL
  Range start:
  Fill in your local primary DNS server, WINS server and default domain name
 Select:  3DES |  MD5  | Group2(1024bit)
 3DES  | MD5
  *ip address
    Interface inside
    ip address  <== whatever is your local LAN
 Add >>
  X Enable split tunneling

When you setup the client:
New Entry
  Connection:  <whatever>
  Descript:  <whatever>
  Host:  OUTSIDE IP of PIX
  * Group auth
       Name: MYVPNGROUP
       Pass:  mygrouppassword
       Confirm: mygrouppassword
Transport Tab
  X Enable Transparent Tunneling
     * IpSec over UDP (NAT/PAT)

You should not see another username/password prompt again. It should just connect straight away.
You may have to enable NAT Traversal.
From the Main GUI window, VPN tab
        Right about the center of the window there is a checkbox
                                     [X] Enable NAT traversal


Thank you, you definitely have me on the right track. However, setting it up with your config it worked fine until I changed something and then nothing will work. I have to completely reset the 506/E and then run the VPN wizard again using your config and it will connect. I tried changing the IP address pool to mine with your config and then it won't work. If I try to go back to your pool it still won't work. I again have to completely reset the 506/E and then run the wizard again. It seems like if I change anything I then have to go back and reset the Pix and start over.
Question by:itspecearthlink
    LVL 79

    Expert Comment

    So, if you run the wizard, but change the pool to something else, like, then it won't work?
    I just pulled arbitrary numbers out of a hat for the example.
    It does not like it if you try to use the pool from the same subnet as your local lan.
    If you want to change it after you run the wizard, it is best to do it from the command line. This way you can remove the crypto map from the interface, make your changes, then reapply the map to the interface.

    If you start fresh from the top with your own ip pool, group name and password, then it won't work?
    If you change it on the PIX, then you have to change it on the client, too.

    If it works just this way, why change it?
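
Added example, not part of the thread: a small check for the failure described in the comment above, a VPN client pool drawn from the same subnet as the local LAN. It assumes PIX 6.x style `ip address` and `ip local pool` lines; the sample config and all addresses in it are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in PIX 6.x syntax; addresses are illustrative, not from the thread.
SAMPLE_CONFIG = """\
ip address outside 203.0.113.2 255.255.255.248
ip address inside 192.168.1.1 255.255.255.0
ip local pool MYVPNPOOL 192.168.1.200-192.168.1.220
ip local pool OTHERPOOL 10.99.99.1-10.99.99.50
vpngroup MYVPNGROUP address-pool MYVPNPOOL
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
IFACE_RE = re.compile(rf"^ip address (\S+) {IP} {IP}$")
POOL_RE = re.compile(rf"^ip local pool (\S+) {IP}(?:-{IP})?")


def parse(config):
    """Return ({interface: network}, {pool: (first, last)}) from config text."""
    nets, pools = {}, {}
    for line in config.splitlines():
        line = line.strip()
        m = IFACE_RE.match(line)
        if m:
            name, addr, mask = m.groups()
            # strict=False: the interface address is a host inside the subnet
            nets[name] = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
            continue
        m = POOL_RE.match(line)
        if m:
            name, first, last = m.groups()
            first = ipaddress.ip_address(first)
            last = ipaddress.ip_address(last) if last else first
            pools[name] = (first, last)
    return nets, pools


def overlapping_pools(config, interface="inside"):
    """Names of pools whose address range intersects the interface's subnet."""
    nets, pools = parse(config)
    lan = nets[interface]
    lo, hi = lan.network_address, lan.broadcast_address
    return sorted(name for name, (first, last) in pools.items()
                  if first <= hi and last >= lo)


if __name__ == "__main__":
    for name in overlapping_pools(SAMPLE_CONFIG):
        print(f"pool {name} overlaps the inside subnet; use a separate range")
```

Run against a saved copy of the configuration, it flags any pool that needs to move to its own range before the client is reconfigured to match.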


    Author Comment

    Thanks, makes sense. And yes, I was using a pool from the same subnet as the local LAN.
    LVL 79

    Accepted Solution

    Are you still working on this?
    Have you found a solution?
    Do you need more information?

    This question will be classified as abandoned soon if we don't get some feedback from you.

    Can you close out this question? See here for details:

    Thanks for your attention!

    Expert Comment

    I am doing the same thing above with a 501 Pix. I am trying to create a VPN connection with the wizard. I have followed the steps above and I still get a 412 error VPN, the local peer is no longer responding. Can I not connect from inside my network? Do I have to be remote?

    LVL 79

    Expert Comment

    You should post your own question, but the answer is simple. Yes, you must actually be physically remote. You cannot connect to the outside interface from inside your network to test.

    Author Comment

    Sorry.... Yes, the above solved my problem and I am able to connect with no problem.
