I was having some problems today setting up a Cisco PIX 6.3.3 for remote access using the Cisco VPN client. I am using the Windows Server 2003 Internet Authentication Service to handle user authentication, for which Cisco has excellent documentation on setting up.
I hit a couple snags.
First, I wasn’t able to use the Client-Friendly-Name parameter when defining the remote access policy. For some reason, it was not picking up *Pix. When I used Client-IP-Address, that worked fine.
Second, I would be able to auth, but the connection would hang at the “Securing communication channel” stage. Unfortunately I had forgotten to add the dynamic crypto map set into a static crypto map set. Oops. The following command fixed things up:
Now I just need to get all my ACL’s set up properly so I can go where I want to.