

39 messages in net.nether.puck.cisco-nsp [c-nsp] PIX VPN Problem

| From | Sent On | Attachments |
|---|---|---|
| Lupi, Guy | Jan 19, 2005 3:43 pm | |
| Tantsura, Jeff | Jan 19, 2005 3:58 pm | |
| Dan Armstrong | Jan 19, 2005 4:15 pm | |
| Tantsura, Jeff | Jan 19, 2005 4:21 pm | |
| Stephen J. Wilcox | Jan 19, 2005 5:20 pm | |
| Lupi, Guy | Jan 19, 2005 5:28 pm | |
| Stephen J. Wilcox | Jan 19, 2005 5:35 pm | |
| Sarkis Karagozian | Jan 19, 2005 6:41 pm | |
| Vicky Rode | Jan 19, 2005 7:17 pm | |
| Ram S | Jan 19, 2005 10:45 pm | |
| Tantsura, Jeff | Jan 20, 2005 3:17 am | |
| Thomas Kernen | Jan 20, 2005 4:09 am | |
| Nic McCartney | Jan 20, 2005 4:29 am | |
| Aaron Glenn | Jan 20, 2005 4:34 am | |
| Djerk Geurts | Jan 20, 2005 4:49 am | |
| Thomas Kernen | Jan 20, 2005 7:44 am | |
| Stephen J. Wilcox | Jan 20, 2005 9:27 am | |
| Bill...@3com.com | Jan 20, 2005 10:15 am | |
| Brant I. Stevens | Jan 20, 2005 10:32 am | |
| Ziv Mosery | Jan 20, 2005 10:44 am | |
| Hudson Delbert J Contr 61 CS/SCBN | Jan 20, 2005 10:52 am | |
| Paul Stewart | Jan 20, 2005 1:39 pm | |
| Paul Stewart | Jan 20, 2005 1:47 pm | |
| MADMAN | Jan 20, 2005 2:04 pm | |
| Paul Stewart | Jan 20, 2005 2:08 pm | |
| MADMAN | Jan 20, 2005 2:44 pm | |
| Paul Stewart | Jan 20, 2005 3:05 pm | |
| Paul Stewart | Jan 21, 2005 4:46 am | |
| nick...@thomson.com | Jan 21, 2005 5:02 am | |
| Niels Bakker | Jan 21, 2005 7:06 am | |
| Stephen J. Wilcox | Jan 21, 2005 10:30 am | |
| Edward B. Dreger | Jan 22, 2005 1:57 am | |
| Paul Stewart | Jan 24, 2005 11:57 am | |
| Koen Peetermans | Jan 24, 2005 12:40 pm | |
| Serguei Bezverkhi | Jan 24, 2005 12:43 pm | |
| Paul Stewart | Jan 24, 2005 1:27 pm | |
| Charlie Winckless | Jan 24, 2005 6:47 pm | |
| Paul Stewart | Jan 24, 2005 8:07 pm | |
| Koen Peetermans | Jan 25, 2005 4:01 am | |

| Subject: | [c-nsp] PIX VPN Problem |
|---|---|
| From: | Serguei Bezverkhi (sbez...@hotmail.com) |
| Date: | Jan 24, 2005 12:43:47 pm |
| List: | net.nether.puck.cisco-nsp |

Did you try to connect with admin as a username??
I think the problem is that you have only one user defined in the LOCAL database, which is admin. Other users are defined as VPDN users; it is not the same, and from my past experience these users could not be used for LOCAL authentication.
Try to define them the same way as admin.
HTH
Serguei
-----Original Message-----
From: cisc...@puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Paul Stewart
Sent: Monday, January 24, 2005 11:57 AM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] PIX VPN Problem

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi there...
I hope the list can help me out...:)
I've got a 515E PIX box that I'm trying to get remote access VPN running to. Below is the config... what's happening is 413-user auth failed
The config is set up to use local username/passwords and I've recreated my own login just to make sure the password is correct... what am I missing here?
Thanks,
Paul

PIX Version 6.3(4)
interface ethernet0 100full
interface ethernet1 100full
interface ethernet2 auto shutdown
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 intf2 security10
enable password XXXXXXXXXXXXXXX encrypted
passwd XXXXXXXXXXXXXXXXX encrypted
hostname fw
domain-name XXX.NET
clock timezone EST -5
clock summer-time EDT recurring
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
no fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list compiled
access-list 100 permit icmp any any echo-reply
access-list 100 permit icmp any any time-exceeded
access-list 100 permit icmp any any unreachable
access-list 101 permit ip 192.192.61.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list 101 permit ip any 172.30.230.0 255.255.255.0
access-list Nexicom_splitTunnelAcl permit ip any any
access-list outside_cryptomap_dyn_20 permit ip any 172.30.230.0 255.255.255.0
pager lines 24
logging on
logging trap warnings
logging facility 23
logging queue 0
logging host outside XXX.XXX.XXX.XXX
mtu outside 1500
mtu inside 1500
mtu intf2 1500
ip address outside XXX.XXX.XXX.XXX 255.255.255.0
ip address inside 192.192.61.224 255.255.255.0
ip address intf2 127.0.0.1 255.255.255.255
ip verify reverse-path interface outside
ip audit info action alarm
ip audit attack action alarm
ip local pool VPN 172.30.230.1-172.30.230.254
pdm history enable
arp timeout 14400
global (outside) 10 interface
nat (inside) 0 access-list 101
nat (inside) 10 0.0.0.0 0.0.0.0 dns 0 0
access-group 100 in interface outside
route outside 0.0.0.0 0.0.0.0 216.168.96.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
aaa authentication telnet console LOCAL
aaa authentication ssh console LOCAL
ntp server 130.126.24.44 source outside prefer
http server enable
http 192.192.61.0 255.255.255.0 inside
no snmp-server enable traps
no floodguard enable
sysopt connection tcpmss 0
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map client authentication LOCAL
crypto map outside_map interface outside
isakmp enable outside
isakmp identity address
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
vpngroup Nexicom address-pool VPN
vpngroup Nexicom dns-server 216.168.96.10 216.168.96.13
vpngroup Nexicom wins-server 192.192.61.246
vpngroup Nexicom default-domain nexicom.net
vpngroup Nexicom split-tunnel Nexicom_splitTunnelAcl
vpngroup Nexicom idle-time 1800
vpngroup Nexicom password ********
telnet timeout 5
ssh 192.192.61.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
vpdn username harvey password ********
vpdn username tom password ********
vpdn username mike password ********
vpdn username billr password ********
vpdn username amhalliday password ********
vpdn username paul password **********
vpdn enable outside
dhcpd address 192.192.61.32-192.192.61.99 inside
dhcpd dns 216.168.96.10 216.168.96.13
dhcpd lease 50400
dhcpd ping_timeout 750
dhcpd domain nexicom.net
dhcpd enable inside
username admin password XXXXXXXXXXXXXXXX encrypted privilege 15
terminal width 80

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (MingW32)

iD8DBQFB9SjyqMetgU57IuQRAoTtAJ9hKfW5O2PgXdBAUVbZNH9JF/KLzQCfSvYL
VTHKE1aUA6vyB8d+yImZ5Wc=
=ht8t
-----END PGP SIGNATURE-----
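
The reply's diagnosis written as a config check, added here as an example and not part of the original thread. It assumes, as the reply states, that Xauth against LOCAL consults only `username` entries and not `vpdn username` entries. The function name `audit_xauth_users` and the trimmed sample config are constructed for illustration.

```python
import re

# Constructed sample: auth-relevant lines trimmed from the config posted above.
SAMPLE_CONFIG = """\
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map client authentication LOCAL
vpdn username harvey password ********
vpdn username paul password **********
vpdn enable outside
username admin password XXXXXXXXXXXXXXXX encrypted privilege 15
"""

XAUTH_RE = re.compile(r"^crypto map (\S+) client authentication (\S+)\s*$")
AAA_SERVER_RE = re.compile(r"^aaa-server (\S+) protocol (\S+)")
LOCAL_USER_RE = re.compile(r"^username (\S+)\s")
VPDN_USER_RE = re.compile(r"^vpdn username (\S+)\s")


def audit_xauth_users(config_text):
    """For each crypto map doing Xauth against a local database, list the
    accounts that database holds and the accounts defined only under vpdn."""
    xauth_maps, protocols = {}, {}
    local_users, vpdn_users = set(), set()
    for raw in config_text.splitlines():
        line = raw.strip()
        if m := XAUTH_RE.match(line):
            xauth_maps[m.group(1)] = m.group(2)
        elif m := AAA_SERVER_RE.match(line):
            protocols[m.group(1)] = m.group(2).lower()
        elif m := LOCAL_USER_RE.match(line):
            local_users.add(m.group(1))
        elif m := VPDN_USER_RE.match(line):
            vpdn_users.add(m.group(1))
    findings = []
    for crypto_map, server in sorted(xauth_maps.items()):
        # Assumption: a group named LOCAL with no aaa-server line is the local DB.
        default = "local" if server == "LOCAL" else ""
        if protocols.get(server, default) != "local":
            continue  # Xauth goes to RADIUS/TACACS+, local accounts not involved
        findings.append({
            "crypto_map": crypto_map,
            "usable": sorted(local_users),
            "vpdn_only": sorted(vpdn_users - local_users),
        })
    return findings


if __name__ == "__main__":
    for finding in audit_xauth_users(SAMPLE_CONFIG):
        print(finding)
```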







