Remote Access VPN problem on Cisco PIX

Hi all, I'm having problems configuring a Remote Access VPN on my PIX515E.

The PIX is being used as a firewall for ADSL access, and has a public IP on its outside interface assigned using PPPoE. It is the gateway of last resort for the network, and there is a route on the network for the VPN client pool pointing to the PIX inside interface IP address.

I tried to add Remote Access VPN using the IPSec VPN wizard in ASDM and have enabled split tunnel and override/ignore of ACLs. When looking in the statistics windows of the Cisco VPN client, originally there were no bytes received, so I enabled transparent tunnelling on TCP port 10000. Now there are bytes received, however zero decrypts. I have also tried adding NAT-T, and using a different version of the VPN client / PC and network.

What does zero decrypts indicate, and what can I do to resolve this? I will attach some info below.
Asked by: fastforward1t

fastforward1t (Author) commented:
VPN client statistics and log
screenshot.JPG
Qlemo (Batchelor, Developer and EE Topic Advisor) commented:
The destination is strange, it is an "all-1" address (.255). Please check that, it should be your Cisco device's IP address.
Donboo commented:
Check to see if you have NoNat on the inside interface for when going to the Remote IPSec IPs. In ASDM it is referred to as Exempt in the NAT section.
lrmoore commented:
Can I assume that the IP you are trying to ping is the inside IP of the PIX?
Try pinging something "past" the PIX on the inside network and not just the PIX interface.
Else you need to designate the inside interface for management-access in order to ping the interface over the VPN.
I think donboo is probably on the right track by questioning the nat0 statement or nat exemption.
I'd probably have to see the complete config before I could help much further.
fastforward1t (Author) commented:
Thanks for the responses guys.
Qlemo; If I change the subnet of my home router I can get the AddRoute error to go, I think it may be caused by a subnet clash? - either way still 0 decrypts so maybe two separate issues here.
Donboo; NoNat ASDM config attached, my understanding is a little hazy but I think this looks ok?
lrmoore; Thanks for the advice regarding ping, I was pinging the default gateway as given out by the VPN pool on PIX (10.64.250.x). Please see config in post below.
screenshot-NAT.JPG
Donboo commented:
From the client screenshot I can see that your client's IP is 10.64.250.20 and the NoNat is for 10.64.251.0 /26. Change it to 10.64.250.0 /26.
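
The mismatch Donboo points out (VPN pool in 10.64.250.x, NAT exemption for 10.64.251.0 /26) can be caught mechanically. The following is an added example, not part of the original thread: a Python check that every `ip local pool` range is covered by the destination of an ACL bound with `nat (if) 0 access-list`. The config excerpt is constructed, the names `vpnpool` and `inside_nat0_outbound` are assumed, and only the addresses come from the thread.

```python
import ipaddress
import re

# Constructed PIX 7.x-style excerpt; object names are hypothetical,
# addresses follow the thread (pool in .250, exemption still on .251).
SAMPLE_CONFIG = """\
ip local pool vpnpool 10.64.250.1-10.64.250.62 mask 255.255.255.192
access-list inside_nat0_outbound extended permit ip any 10.64.251.0 255.255.255.192
nat (inside) 0 access-list inside_nat0_outbound
"""

POOL_RE = re.compile(r"^ip local pool (\S+) (\d+\.\d+\.\d+\.\d+)-(\d+\.\d+\.\d+\.\d+)", re.M)
NAT0_RE = re.compile(r"^nat \((\S+)\) 0 access-list (\S+)", re.M)
ACE_RE = re.compile(r"^access-list (\S+) (?:extended )?permit ip (.+)$", re.M)

def _take_net(tokens):
    """Consume one address spec (any | host A | A MASK) and return a network."""
    tok = tokens.pop(0)
    if tok == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if tok == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{tok}/{tokens.pop(0)}", strict=False)

def exempt_destinations(config):
    """Destination networks of every ACL referenced by a 'nat (if) 0' line."""
    nat0_acls = {m.group(2) for m in NAT0_RE.finditer(config)}
    dests = []
    for name, rest in ACE_RE.findall(config):
        if name in nat0_acls:
            tokens = rest.split()
            _take_net(tokens)                # source network, not needed here
            dests.append(_take_net(tokens))  # destination network
    return dests

def uncovered_pools(config):
    """Return {pool_name: [CIDR blocks of the pool with no NAT exemption]}."""
    dests = exempt_destinations(config)
    missing = {}
    for name, first, last in POOL_RE.findall(config):
        blocks = ipaddress.summarize_address_range(
            ipaddress.ip_address(first), ipaddress.ip_address(last))
        gaps = [str(b) for b in blocks if not any(b.subnet_of(d) for d in dests)]
        if gaps:
            missing[name] = gaps
    return missing

if __name__ == "__main__":
    print(uncovered_pools(SAMPLE_CONFIG))
```

Changing the exemption destination to 10.64.250.0 255.255.255.192, as suggested in the answer, makes `uncovered_pools` return an empty result for this excerpt.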

fastforward1t (Author) commented:
Thanks Donboo, Can't believe I missed that!!! (You wouldn't believe how many times I have re-read this config..!) .251 was the original Pool that I removed. Cheers!