PIX 501 VPN connection problem



Hi,

I have set up a new PIX 501 (with 10 VPN licenses) at home to protect
my own network. I have configured VPN via PDM for L2TP and "Cisco"
VPN.

Unfortunately I can't yet connect to it either via Cisco VPN client
or standard Windows XP L2TP connection from outside.

Hereby I attach an excerpt from the configuration (I have removed nat
and access-list lines as this part is working fine):

icmp deny any outside
mtu outside 1500
mtu inside 1500
ip local pool VPN_Pool 10.10.10.33-10.10.10.42
arp timeout 14400
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
floodguard enable
fragment chain 1
sysopt connection permit-ipsec
sysopt connection permit-l2tp
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 40 match address outside_cryptomap_dyn_40
crypto dynamic-map outside_dyn_map 40 set transform-set TRANS_ESP_3DES_SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map client authentication LOCAL
crypto map outside_map interface outside
isakmp enable outside
isakmp key ******** address 0.0.0.0 netmask 0.0.0.0
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash sha
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
vpngroup Otthon address-pool VPN_Pool
vpngroup Otthon idle-time 1800
vpngroup Otthon password ********
telnet timeout 5
ssh timeout 5
console timeout 0
vpdn group L2TP-VPDN-GROUP accept dialin l2tp
vpdn group L2TP-VPDN-GROUP ppp authentication mschap
vpdn group L2TP-VPDN-GROUP client configuration address local VPN_Pool
vpdn group L2TP-VPDN-GROUP client authentication local
vpdn group L2TP-VPDN-GROUP l2tp tunnel hello 60
vpdn username phrobar password *********
vpdn enable outside
username phrobar password Wny2wTtW4X19NXi0 encrypted privilege 15
terminal width 80
Cryptochecksum:d6ac6ef64cb19c50915c4c4f2b3cca25
: end
[OK]

Any help would be appreciated!
