PIX 501 VPN change from PPPOE

Guest

PIX 501 VPN change from PPPOE

Post by Guest » Thu Dec 02, 2010 11:26 am


We have a PIX 501 connected to DSL using PPPOE with outside to inside VPN setup and functioning using the EasyVPN client and a preshared key. We replaced the DSL modem with a small router that is now doing the PPPOE negotiation instead of the PIX. I have removed the VPDN references to PPPOE:

    vpdn group pppoe_group request dialout pppoe
    vpdn group pppoe_group localname xxx@sbcglobal.net
    vpdn group pppoe_group ppp authentication pap
    vpdn username xxx@sbcglobal.net password *********
    vpdn username xxx@sbcglobal.net password ********* store-local
    vpdn username scott password *********
    vpdn username barry password *********

And left in the vpngroup lines:

    vpngroup TQA_VPN address-pool CVPN_DHCP
    vpngroup TQA_VPN dns-server 10.1.1.99
    vpngroup TQA_VPN wins-server 10.1.1.99
    vpngroup TQA_VPN default-domain tqa-inc.com
    vpngroup TQA_VPN split-tunnel inside_outbound_nat0_acl
    vpngroup TQA_VPN idle-time 1800
    vpngroup TQA_VPN password ********

What do I need to add/change to allow VPN access again?

I tried this to no avail:

    vpdn group TQA_VPN accept dialin l2tp
    vpdn group TQA_VPN l2tp tunnel hello 60
    vpdn enable

Barry

Guest

Re:PIX 501 VPN change from PPPOE

Post by Guest » Thu Dec 02, 2010 12:49 pm


Hi,

Could you please post the full config? What is the issue you are facing? What message are you getting on the client?

-Kanishka

Guest

Re:PIX 501 VPN change from PPPOE

Post by Guest » Thu Dec 02, 2010 2:12 pm


I am now connecting with the VPN client but cannot access any resources. I have attached client log (everything appears O.K.) and the PIX configuration. Note that in the PIX configuration there is an "Incomplete" comment but I don't know why. Also assistance with a split tunnelling statement would be greatly appreciated.

Thanks,
Barry

Guest

Re:PIX 501 VPN change from PPPOE

Post by Guest » Thu Dec 02, 2010 2:47 pm


Hi,

please enter the following commands on the PIX:

    no crypto map outside_dyn_map 20
    no vpngroup TQA_VPN1 address-pool vpnpool1
    ip local pool vpnpool 192.168.1.1-192.168.1.20
    access-list nonat permit ip any 192.168.1.0 255.255.255.0
    access-list split permit ip any 192.168.1.0 255.255.255.0
    nat (inside) 0 access-list nonat
    vpngroup TQA_VPN1 address-pool vpnpool
    vpngroup TQA_VPN1 split-tunnel split

That should do it.

*Please rate if helped.

-Kanishka
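The commands in the reply above tie each vpngroup to a local pool, a `nat (inside) 0` exemption ACL and a split-tunnel ACL whose destination is the pool. The following offline check of that relationship is an added example, not part of the thread; the function names `parse` and `check` and the sample config are constructed here, and it assumes the ACL destination is the trailing `any` or network/mask pair, as in the reply.

```python
import ipaddress

# Constructed sample: the commands from the reply above, in PIX 6.x syntax.
SAMPLE_CONFIG = """\
ip local pool vpnpool 192.168.1.1-192.168.1.20
access-list nonat permit ip any 192.168.1.0 255.255.255.0
access-list split permit ip any 192.168.1.0 255.255.255.0
nat (inside) 0 access-list nonat
vpngroup TQA_VPN1 address-pool vpnpool
vpngroup TQA_VPN1 split-tunnel split
"""

def parse(config):
    """Collect pools, ACL destination networks, nat 0 ACL names and vpngroup options."""
    pools, acls, nat0, groups = {}, {}, set(), {}
    for line in config.splitlines():
        w = line.split()
        if w[:3] == ["ip", "local", "pool"] and len(w) == 5:
            first, _, last = w[4].partition("-")
            pools[w[3]] = (ipaddress.ip_address(first), ipaddress.ip_address(last or first))
        elif w[:1] == ["access-list"] and w[2:4] == ["permit", "ip"]:
            try:  # destination is the trailing "any" or "network mask" pair
                dst = "0.0.0.0/0" if w[-1] == "any" else f"{w[-2]}/{w[-1]}"
                acls.setdefault(w[1], []).append(ipaddress.ip_network(dst))
            except ValueError:
                pass  # other destination forms (e.g. "host a.b.c.d") are ignored here
        elif w[:4] == ["nat", "(inside)", "0", "access-list"] and len(w) == 5:
            nat0.add(w[4])
        elif w[:1] == ["vpngroup"] and len(w) == 4:
            groups.setdefault(w[1], {})[w[2]] = w[3]
    return pools, acls, nat0, groups

def check(config):
    """Return findings for vpngroups whose pool lacks NAT exemption or split-tunnel coverage."""
    pools, acls, nat0, groups = parse(config)
    nat0_nets = [n for name in nat0 for n in acls.get(name, [])]
    findings = []
    for group, opts in sorted(groups.items()):
        pool = pools.get(opts.get("address-pool"))
        if pool is None:
            findings.append(f"{group}: address-pool has no matching 'ip local pool'")
            continue
        covered = lambda nets: any(pool[0] in n and pool[1] in n for n in nets)
        if not covered(nat0_nets):
            findings.append(f"{group}: pool not covered by a 'nat (inside) 0' access-list")
        if "split-tunnel" in opts and not covered(acls.get(opts["split-tunnel"], [])):
            findings.append(f"{group}: split-tunnel ACL does not cover the pool")
    return findings

if __name__ == "__main__":
    print(check(SAMPLE_CONFIG) or "no findings")
```
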

Guest

Re:PIX 501 VPN change from PPPOE

Post by Guest » Thu Dec 02, 2010 3:59 pm


I won't be able to try this until Sunday night. Thanks for your help. I'll let you know the results then.

Barry
