Registered User
Join Date: Feb 2008
Posts: 2
OS: WinXP SP2
Cannot Access PIX501 console from Outside interface
I put this under the network forum then saw this for firewalling.

Setting up remote access to an existing PIX 501 performing VPN IPSec tunneling and cannot access the console via outside interface. Receiving following error:

```
402106: Rec'd packet not an IPSEC packet. (ip) dest_addr= 10.3.3.3, src_addr= 10.3.3.254, prot= tcp
```

Looking up on Cisco's output tool it states: The received packet matched the crypto map ACL, but it is not IPSec-encapsulated; the IPSec peer is sending unencapsulated packets.

It does NOT match the crypto map acl, it is:

```
access-list ipsec permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
```

Tunnel is between 10.3.3.1 (remote cisco router) and 10.3.3.3 (this pix firewall). I am attempting to telnet from 10.3.3.254. Testing setup in a test environment and using Telnet to start, want in the end SSH.

PIX config:

```
augs1-xx-fw01# sh runn
: Saved
:
PIX Version 6.3(5)
interface ethernet0 100full
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password xPF6P8iOrAXDcH89 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname augs1-xx-fw01
domain-name cmpco.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list ipsec permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
access-list vpn_nonat_inside permit ip any any
access-list vpn_nonat_outside permit ip any any
pager lines 24
logging on
logging timestamp
logging standby
logging console debugging
logging buffered debugging
mtu outside 1500
mtu inside 1500
ip address outside 10.3.3.3 255.255.255.0
ip address inside 10.1.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm logging informational 100
pdm history enable
arp timeout 14400
nat (outside) 0 access-list vpn_nonat_outside outside
nat (inside) 0 access-list vpn_nonat_inside
conduit permit icmp any any
route outside 0.0.0.0 0.0.0.0 10.3.3.1 1
route outside 10.2.2.0 255.255.255.0 10.3.3.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
aaa-server partner protocol tacacs+
aaa-server partner max-failed-attempts 3
aaa-server partner deadtime 10
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
http server enable
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set idcheck esp-des esp-md5-hmac
crypto ipsec security-association lifetime seconds 3600
crypto map secureid 21 ipsec-isakmp
crypto map secureid 21 match address ipsec
crypto map secureid 21 set peer 10.3.3.1
crypto map secureid 21 set transform-set idcheck
crypto map secureid interface outside
isakmp enable outside
isakmp key ******** address 10.3.3.1 netmask 255.255.255.255
isakmp identity address
isakmp policy 21 authentication pre-share
isakmp policy 21 encryption des
isakmp policy 21 hash md5
isakmp policy 21 group 1
isakmp policy 21 lifetime 86400
telnet 10.3.3.254 255.255.255.255 outside
telnet timeout 5
ssh 10.3.3.254 255.255.255.255 outside
ssh timeout 5
console timeout 0
dhcpd address 10.1.1.2-10.1.1.249 inside
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
dhcpd enable inside
username morneaultp password x6/EnPl5yTre8iUd encrypted privilege 15
terminal width 80
Cryptochecksum:595d855a17270fe734489c6ba285d69e
: end
```

Thanks for your help!!

~ Phil
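
The check described in the post, as an added example that is not part of the original thread: it parses the 402106 message and tests whether the logged packet falls inside the ACL bound to the crypto map. The function names are hypothetical, the inputs are copied from the values quoted in the post, and the script assumes port-less `permit ip` entries and that inbound packets are compared against the mirrored ACL (remote network as source, local network as destination).

```python
import ipaddress
import re

# Constructed inputs, copied from the syslog line and config quoted in the post.
SYSLOG = ("402106: Rec'd packet not an IPSEC packet. (ip) "
          "dest_addr= 10.3.3.3, src_addr= 10.3.3.254, prot= tcp")
CONFIG = """\
access-list ipsec permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
crypto map secureid 21 match address ipsec
"""

def parse_402106(line):
    """Return (src, dst) addresses from a PIX 402106 syslog message."""
    m = re.search(r"402106:.*dest_addr=\s*(\S+?),\s*src_addr=\s*(\S+?),", line)
    if not m:
        raise ValueError("not a 402106 message")
    return ipaddress.ip_address(m.group(2)), ipaddress.ip_address(m.group(1))

def _net(tokens):
    """Consume one PIX 6.x address spec: 'any', 'host A' or 'A MASK'."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}"), tokens[2:]

def crypto_acl_entries(config):
    """Yield (local_net, remote_net) for ACLs referenced by a crypto map."""
    names = set(re.findall(r"^crypto map \S+ \d+ match address (\S+)",
                           config, re.M))
    for line in config.splitlines():
        t = line.split()
        if (t[:1] == ["access-list"] and len(t) > 4 and t[1] in names
                and t[2:4] == ["permit", "ip"]):
            local, rest = _net(t[4:])
            remote, _ = _net(rest)
            yield local, remote

def matches_crypto_acl(config, src, dst):
    """Assumption: inbound traffic is tested against the mirrored ACL."""
    return any(src in remote and dst in local
               for local, remote in crypto_acl_entries(config))

def check(syslog=SYSLOG, config=CONFIG):
    src, dst = parse_402106(syslog)
    return matches_crypto_acl(config, src, dst)

if __name__ == "__main__":
    print("logged packet matches crypto map ACL:", check())
```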