Question : Problem: Cisco IPSEC VPN on Pix 501 - IAS cannot auth to Exchange Server
I can connect to my VPN; it forces the XAUTH and lets me in when I enter [email protected]. Problem is, I still have to authenticate when typing Start, Run \\servername, but it lets me in. The big problem is when I open Outlook and try to authenticate using the same credentials: it will not let me. Here is my config...

--------------------------
PIX Version 6.3(4)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password xxxxxxxxxxxxxxxxxxxx encrypted
passwd xxxxxxxxxxxxxxxxxxx encrypted
hostname xxxxxxxxxxx
domain-name xxx.local
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list 101 permit tcp any any eq ftp
access-list 101 permit tcp any any eq 3389
access-list 101 permit icmp any any echo-reply
access-list 101 permit tcp any any eq pop3
access-list 101 permit tcp any any eq www
access-list 101 permit tcp any any eq smtp
access-list 101 permit tcp any any eq 2525
access-list 101 permit tcp any any eq 3101
access-list 101 permit tcp any any eq 2505
access-list 120 permit ip 10.0.0.0 255.255.255.0 10.1.5.0 255.255.255.0
access-list splittunnel permit ip 10.0.0.0 255.255.255.0 10.1.5.0 255.255.255.0
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside xxx.xxx.xxx.xxx 255.255.255.248
ip address inside 10.0.0.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool vpnpool 10.1.5.100-10.1.5.115
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list 120
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp interface 3389 10.0.0.11 3389 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface telnet 10.0.0.11 telnet netmask 255.255.255.255 0 0
static (inside,outside) tcp interface smtp 10.0.0.13 smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp interface pop3 10.0.0.13 pop3 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface www 10.0.0.13 www netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 2525 10.0.0.13 2525 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 2505 10.0.0.13 2505 netmask 255.255.255.255 0 0
access-group 101 in interface outside
route outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
aaa-server partnerauth protocol radius
aaa-server partnerauth max-failed-attempts 3
aaa-server partnerauth deadtime 10
aaa-server partnerauth (inside) host 10.0.0.12 xxxxxxxxxx timeout 5
aaa authentication ssh console LOCAL
http server enable
http 0.0.0.0 0.0.0.0 outside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set strong esp-aes esp-md5-hmac
crypto dynamic-map dynamic 10 set transform-set strong
crypto map vpn 20 ipsec-isakmp dynamic dynamic
crypto map vpn client authentication partnerauth
crypto map vpn interface outside
isakmp enable outside
isakmp identity address
isakmp keepalive 10
isakmp nat-traversal 20
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption aes
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup AvL-VPN address-pool vpnpool
vpngroup AvL-VPN dns-server 10.0.0.12
vpngroup AvL-VPN default-domain xxxxxx.local
vpngroup AvL-VPN split-tunnel splittunnel
vpngroup AvL-VPN split-dns xxxxxx.local
vpngroup AvL-VPN idle-time 28800
vpngroup AvL-VPN password ********
telnet 10.0.0.0 255.255.255.0 inside
telnet timeout 10
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 10
console timeout 0
Answer : Problem: Cisco IPSEC VPN on Pix 501 - IAS cannot auth to Exchange Server
PAQed with points refunded (250)
CetusMOD Community Support Moderator