Question : Problem: Cisco IPSEC VPN on Pix 501 - IAS cannot auth to Exchange Server

I can connect to my VPN, it forces the XAUTH and lets me in when I enter [email protected].
Problem is, I still have to authenticate when typing start, run \\servername but it lets me in.
Big problem is when I open Outlook, try to authenticate using the same credentials and it will not let me. Here is my config...
--------------------------
PIX Version 6.3(4)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password xxxxxxxxxxxxxxxxxxxx encrypted
passwd xxxxxxxxxxxxxxxxxxx encrypted
hostname xxxxxxxxxxx
domain-name xxx.local
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list 101 permit tcp any any eq ftp
access-list 101 permit tcp any any eq 3389
access-list 101 permit icmp any any echo-reply
access-list 101 permit tcp any any eq pop3
access-list 101 permit tcp any any eq www
access-list 101 permit tcp any any eq smtp
access-list 101 permit tcp any any eq 2525
access-list 101 permit tcp any any eq 3101
access-list 101 permit tcp any any eq 2505
access-list 120 permit ip 10.0.0.0 255.255.255.0 10.1.5.0 255.255.255.0
access-list splittunnel permit ip 10.0.0.0 255.255.255.0 10.1.5.0 255.255.255.0
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside xxx.xxx.xxx.xxx 255.255.255.248
ip address inside 10.0.0.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool vpnpool 10.1.5.100-10.1.5.115
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list 120
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp interface 3389 10.0.0.11 3389 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface telnet 10.0.0.11 telnet netmask 255.255.255.255 0 0
static (inside,outside) tcp interface smtp 10.0.0.13 smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp interface pop3 10.0.0.13 pop3 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface www 10.0.0.13 www netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 2525 10.0.0.13 2525 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 2505 10.0.0.13 2505 netmask 255.255.255.255 0 0
access-group 101 in interface outside
route outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
aaa-server partnerauth protocol radius
aaa-server partnerauth max-failed-attempts 3
aaa-server partnerauth deadtime 10
aaa-server partnerauth (inside) host 10.0.0.12 xxxxxxxxxx timeout 5
aaa authentication ssh console LOCAL
http server enable
http 0.0.0.0 0.0.0.0 outside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set strong esp-aes esp-md5-hmac
crypto dynamic-map dynamic 10 set transform-set strong
crypto map vpn 20 ipsec-isakmp dynamic dynamic
crypto map vpn client authentication partnerauth
crypto map vpn interface outside
isakmp enable outside
isakmp identity address
isakmp keepalive 10
isakmp nat-traversal 20
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption aes
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup AvL-VPN address-pool vpnpool
vpngroup AvL-VPN dns-server 10.0.0.12
vpngroup AvL-VPN default-domain xxxxxx.local
vpngroup AvL-VPN split-tunnel splittunnel
vpngroup AvL-VPN split-dns xxxxxx.local
vpngroup AvL-VPN idle-time 28800
vpngroup AvL-VPN password ********
telnet 10.0.0.0 255.255.255.0 inside
telnet timeout 10
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 10
console timeout 0

Answer : Problem: Cisco IPSEC VPN on Pix 501 - IAS cannot auth to Exchange Server

PAQed with points refunded (250)

CetusMOD
Community Support Moderator

Random Solutions

Problem: HP LaserJet 1020 stops working on Windows 2003 SBS network.

Problem: I cannot get a daily backup set up on my small business server?

Problem: Gaming PC configuration

Problem: Routing Statements on an HP 5412zl

Problem: Restoring to a previous date does not complete, leaving the Partition Raw and unreadable

Problem: NIC Card Issues (Ping: Trasnmit Failed, error code 1 ) can't ping out

Problem: SCCM 2007 - I do not get a list of task sequences to choose from

Problem: Citrix Presentation 4

Problem: On-board Intel PRO/1000 MT NIC keeps failing after 3-5 days

Problem: PS2 Keyboard Stops Working After USB Keyboard Install