Hey... thanks.. finally I got response from my PIX515, but it just hang at securing communication channel stage (see below) and it doesn't authenticate the users. What config should I add to point it to my authentication server 192.168.1.201? For your info, my VPN client is installed at Win95 and my authentication server is a W2K server.
Initializing the connection... Contacting the gateway at 100.100.100.101... Negotiating security policies... Securing communication channel... I remember in VPN3000 server, I need to specify the authentication server for VPN group, but why in PIX515 sample on the net, why it doesn't have this entry >From: Andrew Larkins > >from what I remember about this, they will try each policy until a match is >amde, otherwise the connection terminates > >-----Original Message----- >From: Richard Campbell [mailto:[EMAIL PROTECTED] > >hey.. I have a PIX 515 and have a PIX to PIX connection to London and NY >using pre-shared key des, hash sha and dh group 1 and I am going to let >VPN3000 client 3.X connect to here as here and I created another isakmp >policy 20, with hash md5, dh group 2 as shown below. Can u take a look >whether the config is correct? > >And my question is I have 2 isakmp policies here, how does the PIX-PIX and >VPN 3000 3.X client know which isakmp policy to take? > >crypto ipsec transform-set newset esp-des >crypto dynamic-map dynmap 30 set transform-set newset >crypto map newmap 10 ipsec-isakmp >crypto map newmap 10 match address 101 >crypto map newmap 10 set peer nyapix >crypto map newmap 10 set transform-set newset >crypto map newmap 20 ipsec-isakmp >crypto map newmap 20 match address 102 >crypto map newmap 20 set peer ldnpix >crypto map newmap 20 set transform-set newset >crypto map newmap 30 ipsec-isakmp dynamic dynmap >crypto map newmap interface outside >isakmp enable outside >isakmp key ******** address ldnpix netmask 255.255.255.255 >isakmp key ******** address nyapix netmask 255.255.255.255 >isakmp identity address >isakmp policy 10 authentication pre-share >isakmp policy 10 encryption des >isakmp policy 10 hash sha >isakmp policy 10 group 1 >isakmp policy 10 lifetime 86400 > >isakmp policy 20 authentication pre-share >isakmp policy 20 encryption des >isakmp policy 20 hash md5 >isakmp policy 20 group 2 >isakmp policy 20 lifetime 86400 > >vpngroup CLIENTS address-pool REMOTEIPPOOLS >vpngroup CLIENTS dns-server 192.168.1.201 >vpngroup CLIENTS wins-server 192.168.1.201 >vpngroup CLIENTS default-domain xyz.com >vpngroup CLIENTS idle-time 1800 >vpngroup CLIENTS password ******** > >_________________________________________________________________ >Protect your PC - get McAfee.com VirusScan Online >http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963 _________________________________________________________________ Add photos to your messages with MSN 8. Get 2 months FREE*. http://join.msn.com/?page=features/featuredemail Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=69996&t=69996 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
