
VPN setup w/ Cisco PIX 515e & MS Server 2003 IAS RADIUS authentication

wasabikev asked on
I've been staring at this all day... I'd very much appreciate a second opinion at this point. I'm just not certain where the configuration is incorrect at this point.

I believe that the MS Server side is set up correctly, as I'm much more confident with the MS side than the Cisco side of things.

When trying to connect with the VPN client (3.6.2) I get the errors:
Sev=Warning/2     IKE/0xE300007C
Exceeded 3 IKE SA negotiation retransmits... peer is not responding

Sev=Warning/3     DIALER/0xE3300008
GI VPNStart callback failed "CM_PEER_NOT_RESPONDING" (16h)

My best guess at this point is that my ACLs are not correct... but I'm really not sure.

My PIX VPN config:

hostname PIX1
name HKP
name x.x.10.152 Internet
name x.x.10.157 external
access-list deny-flow-max 300
access-list vpn permit ip any
access-list vpn permit ip
ip address outside external
ip address inside HKP
ip address DMZ1
ip verify reverse-path interface outside
ip verify reverse-path interface DMZ1
ip local pool vpnIP
arp timeout 14400
nat (inside) 0 access-list vpn
nat (inside) 0 0 0
access-group smtp in interface outside
route outside x.x.10.158 1
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
aaa-server partnerauth protocol radius
aaa-server partnerauth (inside) host  timeout 10
sysopt connection permit-ipsec
sysopt connection permit-pptp
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto dynamic-map outside_dyn_map 1 set transform-set ESP-3DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map client authentication partnerauth
crypto map outside_map interface outside
isakmp enable outside
isakmp identity address
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
vpngroup HKP address-pool vpnIP
vpngroup HKP dns-server
vpngroup HKP wins-server
vpngroup HKP default-domain
vpngroup HKP idle-time 1800
vpngroup HKP password ********
vpngroup wins-server idle-time 1800
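
Added example (not part of the original post or its answer): a small cross-reference check for PIX 6.x style VPN configs like the one above, reporting every ACL, address pool, AAA group, transform set or dynamic map that a command refers to but that no line defines. The sample config, its addresses, the key `examplekey`, the pool name `vpnpool` and the function name `dangling_refs` are constructed for illustration.

```python
import re

# (kind, regex) pairs; group 1 captures the object name.
DEFINES = [
    ("acl",  r"^access-list (\S+) (?:permit|deny) "),
    ("pool", r"^ip local pool (\S+) "),
    ("aaa",  r"^aaa-server (\S+) \(\S+\) host \S+"),  # a group only counts once it has a server
    ("tset", r"^crypto ipsec transform-set (\S+) "),
    ("dyn",  r"^crypto dynamic-map (\S+) \d+ "),
]
REFERS = [
    ("acl",  r"^nat \(\S+\) 0 access-list (\S+)"),
    ("acl",  r"^access-group (\S+) in interface "),
    ("pool", r"^vpngroup \S+ address-pool (\S+)"),
    ("aaa",  r"^crypto map \S+ client authentication (\S+)"),
    ("tset", r"^crypto dynamic-map \S+ \d+ set transform-set (\S+)"),
    ("dyn",  r"^crypto map \S+ \d+ ipsec-isakmp dynamic (\S+)"),
]

# Constructed sample: the AAA group has no host line and the vpngroup names a pool that does not exist.
SAMPLE = """\
access-list vpn permit ip 10.1.1.0 255.255.255.0 10.1.2.0 255.255.255.0
ip local pool vpnIP 10.1.2.1-10.1.2.50
nat (inside) 0 access-list vpn
aaa-server partnerauth protocol radius
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto dynamic-map outside_dyn_map 1 set transform-set ESP-3DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map client authentication partnerauth
vpngroup HKP address-pool vpnpool
"""

def dangling_refs(config):
    """Return (kind, name, line) for each reference with no matching definition."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    defined = {(k, m.group(1)) for l in lines for k, rx in DEFINES
               if (m := re.match(rx, l))}
    missing = []
    for l in lines:
        for k, rx in REFERS:
            m = re.match(rx, l)
            if m and (k, m.group(1)) not in defined:
                missing.append((k, m.group(1), l))
    return missing

if __name__ == "__main__":
    for kind, name, line in dangling_refs(SAMPLE):
        print(f"undefined {kind} '{name}' referenced by: {line}")
```

A config sanitized for posting will also trip this check wherever addresses were stripped, so run it against the unsanitized copy.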