PIX 501 VPN connection problem

on 01.05.2007 12:09:47 by peter.hrobar

Hi,

I have set up a new PIX 501 (with 10 VPN licenses) at home to protect
my own network. I have configured VPN via PDM for L2TP and "Cisco"
VPN.

Unfortunately I can't yet connect to it either via the Cisco VPN client
or a standard Windows XP L2TP connection from outside.

Hereby I attach an excerpt from the configuration (I have removed nat
and access-list lines as this part is working fine):

icmp deny any outside
mtu outside 1500
mtu inside 1500
ip local pool VPN_Pool 10.10.10.33-10.10.10.42
arp timeout 14400
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
floodguard enable
fragment chain 1
sysopt connection permit-ipsec
sysopt connection permit-l2tp
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 40 match address outside_cryptomap_dyn_40
crypto dynamic-map outside_dyn_map 40 set transform-set TRANS_ESP_3DES_SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map client authentication LOCAL
crypto map outside_map interface outside
isakmp enable outside
isakmp key ******** address 0.0.0.0 netmask 0.0.0.0
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash sha
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
vpngroup Otthon address-pool VPN_Pool
vpngroup Otthon idle-time 1800
vpngroup Otthon password ********
telnet timeout 5
ssh timeout 5
console timeout 0
vpdn group L2TP-VPDN-GROUP accept dialin l2tp
vpdn group L2TP-VPDN-GROUP ppp authentication mschap
vpdn group L2TP-VPDN-GROUP client configuration address local VPN_Pool
vpdn group L2TP-VPDN-GROUP client authentication local
vpdn group L2TP-VPDN-GROUP l2tp tunnel hello 60
vpdn username phrobar password *********
vpdn enable outside
username phrobar password Wny2wTtW4X19NXi0 encrypted privilege 15
terminal width 80
Cryptochecksum:d6ac6ef64cb19c50915c4c4f2b3cca25
: end
[OK]

Any help would be appreciated!