Netscreen 5x and Cisco PIX VPN client



  • I am trying to set up a communication between a PC running the Cisco VPN client and a remote Cisco PIX. The communication is established but I am not able to communicate. There seems to be a problem establishing the transparent tunneling.

    Well, I did what you said and unfortunately it's still not working.

    set service "MERSVPN" group "other" 51 src 0-65535 dst 0-65535
    set service "MERSVPN" + 50 src 0-65535 dst 0-65535
    set service "MERSVPN" + udp src 4500-4500 dst 4500-4500
    set service "MERSVPN" + udp src 500-500 dst 500-500
    set service "MERSVPN" + tcp src 0-65535 dst 10000-10000

    That's the new service I made:

    set service "MERSVPN" group "other" 51 src 0-65535 dst 0-65535
    set service "MERSVPN" + 50 src 0-65535 dst 0-65535
    set service "MERSVPN" + udp src 0-65535 dst 4500-4500
    set service "MERSVPN" + udp src 0-65535 dst 500-500
    set service "MERSVPN" + udp src 0-65535 dst 10000-10000
    set service "MERSVPN" + udp src 0-65535 dst 62515-62515
    set service "MERSVPN" + tcp src 0-65535 dst 10000-10000

    set policy id 66 from "Trust" to "Untrust" "SourceServer" "Any" "MERSVPN" nat dip-id 2 fix-port Permit log

    Any help is appreciated.

    Jorge



  • Looking further, the event log has an error:

    [00004] 2006-02-10 22:48:45 system-critical-00023: VIP server
    192.168.1.37 cannot be contacted



  • Thanks for your comments. I made the changes and it is still not working.

    I set up my VIP: 69.X.X.X untrust 500 VPN 192.168.1.X/500 (OK)

    The policy is set from Untrust to Trust and from Trust to Untrust. A connection is established between the PC and the PIX, but the tunnel does not get created.

    Any other ideas?



  • 
    set service "VPN" protocol udp src-port 0-65535 dst-port 500-500
    set service "VPN" + 50 src-port 0-65535 dst-port 500-500
    set interface untrust vip untrust 500 "VPN" 192.168.x.y manual
    set policy id 19 name "VPN" from "Untrust" to "Trust" "Any" "VIP::1" "VPN" permit

    This will allow the Cisco VPN client to be used on one computer, 192.168.x.y. I did it this way until I got my NS5gt-NS25 tunnel up.

    I did this from memory, so it may be a little off, but it will give you a starting point. Keep in mind you need both UDP and ESP (protocol 50).
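As an added example (not code from the thread or from Juniper), here is a small Python check that parses ScreenOS `set service` lines like the ones posted above and reports which of the flows this thread relies on (ISAKMP UDP/500, NAT-T UDP/4500, ESP protocol 50, and TCP/10000 for the client's transparent tunneling) a service does not cover; the sample config is constructed from the two services in this thread.

```python
import re

# Flows the Cisco VPN client needs through the NetScreen, as listed in the thread:
# ISAKMP UDP/500, NAT-T UDP/4500, ESP (IP protocol 50) and, for "transparent
# tunneling" over TCP, the client's default TCP/10000.
REQUIRED = {
    "isakmp udp/500": ("udp", 500),
    "nat-t udp/4500": ("udp", 4500),
    "esp proto 50": ("50", None),
    "tcp-encap tcp/10000": ("tcp", 10000),
}

# Matches the syntaxes seen in the thread: "protocol udp src-port a-b dst-port c-d",
# "+ 50 src a-b dst c-d" and 'group "other" 51 src a-b dst c-d'.
SERVICE_LINE = re.compile(
    r'set service "(?P<name>[^"]+)"\s+(?:protocol\s+|\+\s+|group\s+"[^"]+"\s+)?'
    r'(?P<proto>\w+)\s+src(?:-port)?\s+\d+-\d+\s+dst(?:-port)?\s+(?P<lo>\d+)-(?P<hi>\d+)'
)

def parse_services(config_text):
    """Return {service_name: [(proto, dst_lo, dst_hi), ...]} from 'set service' lines."""
    services = {}
    for line in config_text.splitlines():
        m = SERVICE_LINE.search(line)
        if m:
            entry = (m["proto"].lower(), int(m["lo"]), int(m["hi"]))
            services.setdefault(m["name"], []).append(entry)
    return services

def missing_flows(entries):
    """Names of REQUIRED flows that no entry of the service permits."""
    def covered(proto, port):
        return any(p == proto and (port is None or lo <= port <= hi)
                   for p, lo, hi in entries)
    return [name for name, (proto, port) in REQUIRED.items() if not covered(proto, port)]

# Constructed sample: Jorge's second MERSVPN service and the last reply's VPN service.
SAMPLE_CONFIG = """
set service "MERSVPN" group "other" 51 src 0-65535 dst 0-65535
set service "MERSVPN" + 50 src 0-65535 dst 0-65535
set service "MERSVPN" + udp src 0-65535 dst 4500-4500
set service "MERSVPN" + udp src 0-65535 dst 500-500
set service "MERSVPN" + tcp src 0-65535 dst 10000-10000
set service "VPN" protocol udp src-port 0-65535 dst-port 500-500
set service "VPN" + 50 src-port 0-65535 dst-port 500-500
"""

if __name__ == "__main__":
    for name, entries in parse_services(SAMPLE_CONFIG).items():
        gaps = missing_flows(entries)
        print(f"{name}: {'ok' if not gaps else 'missing ' + ', '.join(gaps)}")
```

Run against the sample, the MERSVPN service covers every required flow, while the single-host VPN service from the last reply lacks UDP/4500 and TCP/10000, which matters if the client sits behind NAT or is set to TCP transparent tunneling.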

