larsdige (Beginner)
16 February 2004 - 17:14. There are 2 comments.

Remote peer is no longer responding

Problem:
I am trying to set up a VPN tunnel to a Cisco PIX 506 firewall. When I try to connect with the Cisco VPN dialer, I get the following error: "Remote peer is no longer responding".

Last week I had to open a port in our firewall, and that went fine. But after I closed this port again, the problem appeared. The port was 5995.

Configuration:
PIX Version 6.2(1)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password m0ONlwEr2b2bM27g encrypted
passwd m0ONlwEr2b2bM27g encrypted
hostname Jens-FW
domain-name jens.dk
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
access-list acl_in permit icmp any any
access-list acl_in permit tcp any any eq www
access-list acl_in permit tcp any any eq telnet
access-list acl_in permit tcp any any eq smtp
access-list acl_in permit tcp any any eq domain
access-list acl_in permit udp any any eq domain
access-list acl_in permit tcp any any eq pop3
access-list acl_in permit tcp any any eq https
access-list acl_in permit udp any any eq 443
access-list acl_in permit tcp any any eq 8080
access-list acl_in permit tcp any any eq 8000
access-list acl_in permit tcp any any eq 37
access-list acl_in permit udp any any eq 119
access-list acl_in permit tcp any any eq nntp
access-list acl_in permit tcp any any eq ftp
access-list acl_in permit tcp any any eq 7070
access-list acl_in permit tcp any any eq imap4
access-list acl_in permit udp any any eq 143
access-list acl_in permit tcp any any eq 554
access-list acl_in permit udp any any eq 554
access-list acl_in permit tcp any any eq 1863
access-list acl_in permit udp any any eq isakmp
access-list acl_in permit udp any any eq 10000
access-list acl_in permit tcp any any eq 1414
access-list nat_0 permit ip 192.168.10.0 255.255.255.0 192.168.11.0 255.255.255.0
access-list acl_out permit icmp any any
access-list acl_out permit tcp any host 80.63.178.51 eq smtp
pager lines 24
logging on
logging trap notifications
logging history warnings
logging facility 23
logging host inside 192.168.10.20
interface ethernet0 10baset
interface ethernet1 10baset
mtu outside 1500
mtu inside 1500
ip address outside x.x.x.x 255.255.255.252
ip address inside 192.168.10.197 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool dealer 192.168.11.1-192.168.11.200
pdm history enable
arp timeout 14400
global (outside) 1 y.y.y.y
nat (inside) 0 access-list nat_0
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp z.z.z.z smtp 192.168.10.22 smtp netmask 255.255.255.255 0 0
access-group acl_out in interface outside
access-group acl_in in interface inside
route outside 0.0.0.0 0.0.0.0 v.v.v.v 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
aaa-server remote protocol radius
aaa-server remote (inside) host 192.168.10.20 kvatum timeout 10
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
no sysopt route dnat
crypto ipsec transform-set remoteclient esp-des esp-md5-hmac
crypto dynamic-map dynamap 15 set transform-set remoteclient
crypto map cryptomap 15 ipsec-isakmp dynamic dynamap
crypto map cryptomap client configuration address initiate
crypto map cryptomap client authentication remote
crypto map cryptomap interface outside
isakmp enable outside
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 1
isakmp policy 10 lifetime 1000
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 1000
vpngroup aeon address-pool dealer
vpngroup aeon wins-server 192.168.10.21
vpngroup aeon idle-time 18000
vpngroup aeon password ********
vpngroup lind address-pool dealer
vpngroup lind wins-server 192.168.10.20
vpngroup lind idle-time 18000
vpngroup lind password ********
telnet 192.168.11.0 255.255.255.0 outside
telnet 192.168.10.0 255.255.255.0 inside
telnet timeout 60
ssh i.i.i.i 255.255.255.248 outside
ssh j.j.j.j 255.255.255.240 outside
ssh timeout 60
terminal width 80
Cryptochecksum:302e5a41028437c990cf2c1948b6da49

larsdige (Beginner)
17 February 2004 - 15:29 #1
The PASSWORD had to be reset

larsdige (Beginner)
10 July 2004 - 10:24 #2
ok