L2TP/IPSec Remote Access Problem on PIX V8

From: eman mansouri (emmsr88@hotmail.com)
Date: Mon Apr 28 2008 - 00:28:57 ART

• Next message: KS Anpu: "Re: OSPF NSSA"
• Previous message: Dale Kling: "Re: CIR Bc Be"
• Next in thread: Alexei Monastyrnyi: "Re: L2TP/IPSec Remote Access Problem on PIX V8"
• Maybe reply: Alexei Monastyrnyi: "Re: L2TP/IPSec Remote Access Problem on PIX V8"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

HI everybody
I do have a PIX 525 with PIX v8 IOS which I am intending to configure it for my Remote users inorder to enable them to connect through the Internet to coprporate LAN and make use of services provided. I have usef my own knowledge , Cisco site Configuration guidlines and asdm 6.3 tool .But the problem is I get the below message using either Windows VPN Connection.

Jan 01 00:02:09 [IKEv1]: IP = x.x.x.x, Removing peer from peer table failed, no match!
Jan 01 00:02:09 [IKEv1]: IP = x.x.x.x, Error: Unable to remove PeerTblEntry

this is the configuration I have done with ASDM. Please help me with it.
I will be happy if you help me with it.

PIX Version 8.0(3)
!
hostname pixfirewall
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface Ethernet0
 nameif inside
 security-level 100
 ip address 10.1.1.1 255.255.255.0
!
interface Ethernet1
 nameif outside
 security-level 0
 ip address 85.x.x.x 255.255.255.224
!
access-list OUT-ACCESS extended permit ip any interface outside
access-list inside_nat0_outbound extended permit ip 10.1.1.0 255.255.255.0 10.1.1.0 255.255.255.224

ip local pool VPN-POOL 10.1.1.10-10.1.1.20 mask 255.255.255.0

asdm image flash:/asdm-603.bin

global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 10.1.1.0 255.255.255.0
access-group OUT-ACCESS in interface outside
route outside 0.0.0.0 0.0.0.0 85.15.52.1 1

dynamic-access-policy-record DfltAccessPolicy

crypto ipsec transform-set TRANS_ESP_DES_SHA esp-des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_DES_SHA mode transport
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-DES-SHA ESP-DES-MD5 TRANS_ESP_DES_SHA
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption des
 hash sha
 group 2
 lifetime 86400

group-policy VPN-Group internal
group-policy VPN-Group attributes
 vpn-tunnel-protocol l2tp-ipsec
 default-domain value ibto.ir
username iman password I02l0vJPx1MGTuzMwdwezg== nt-encrypted privilege 0
username iman attributes
 vpn-group-policy VPN-Group
tunnel-group DefaultRAGroup ipsec-attributes
 pre-shared-key *
tunnel-group DefaultRAGroup ppp-attributes
 authentication pap
 no authentication chap
 authentication ms-chap-v2
tunnel-group VPN-Group type remote-access
tunnel-group VPN-Group general-attributes
 address-pool VPN-POOL
 default-group-policy VPN-Group
tunnel-group VPN-Group ipsec-attributes
 pre-shared-key *
 isakmp ikev1-user-authentication none
tunnel-group VPN-Group ppp-attributes
 authentication pap
 no authentication chap
 authentication ms-chap-v2

• Next message: KS Anpu: "Re: OSPF NSSA"
• Previous message: Dale Kling: "Re: CIR Bc Be"
• Next in thread: Alexei Monastyrnyi: "Re: L2TP/IPSec Remote Access Problem on PIX V8"
• Maybe reply: Alexei Monastyrnyi: "Re: L2TP/IPSec Remote Access Problem on PIX V8"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu May 01 2008 - 08:25:52 ART