Damon Cortesi's blog

Musings of an entrepreneur.

Cisco VPN Snag

| Comments

I was having some problems today setting up a Cisco PIX 6.3.3 for remote access using the Cisco VPN client. I am using the Windows Server 2003 Internet Authentication Service to handle user authentication, for which Cisco has excellent documentation on setting up.

I hit a couple snags.

First, I wasn’t able to use the Client-Friendly-Name parameter when defining the remote access policy. For some reason, it was not picking up *Pix. When I used Client-IP-Address, that worked fine.

Second, I would be able to auth, but the connection would hang at the “Securing communication channel” stage. Unfortunately I had forgotten to add the dynamic crypto map set into a static crypto map set. Oops. The following command fixed things up:

crypto map mymap 10 ipsec-isakmp dynamic dynmap

Now I just need to get all my ACL’s set up properly so I can go where I want to.