HTTP Inspection Cisco PIX 525

I need to filter inbound HTTP requests <outside> to <dmz> headed to www.XYZ.com/XXX/admin/XXX.jsp.
My regex is:    regex HACKBLOCK "*/admin/.*\.jsp*"
My class-maps are: 
class-map type regex match-any HACKBLOCK_METHOD
match regex GET
class-map XXXXTWBLOCK
match access-list HACKBLOCK_HOSTS
class-map type regex match-any HACKBLOCK_URL
match regex HACKBLOCK
class-map type inspect http match-all HACKBLOCK_FILTER
match request uri regex class HACKBLOCK_URL
class-map inspection_default
match default-inspection-traffic
My policy-maps are:
policy-map type inspect http HACKBLOCK_HTTP
parameters
class HACKBLOCK_FILTER
  log
policy-map global_policy
class inspection_default
  inspect ftp
  inspect h323 h225
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect sip
  inspect skinny
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect xdmcp
  inspect dns
  inspect h323 ras
class XXXXTWBLOCK
  inspect http HACKBLOCK_HTTP
policy-map OUTSIDE
class XXXXTWBLOCK
  inspect http HACKBLOCK_HTTP
class class-default
policy-map type inspect dns migrated_dns_map_1
parameters
  message-length maximum 1200
As you can see, I added the inspection rule to a separate class named ENPROTWBLOCK.  This matches traffic based on the destination of our class C.  I see that I am matching traffic in the ACL, but no matches on the HTTP inspection rule:
#sh service-pol inspec http
Global policy:
  Service-policy: global_policy
    Class-map: inspection_default
    Class-map: XXXXTWBLOCK
      Inspect: http HACKBLOCK_HTTP, packet 745097, drop 0, reset-drop 0
        protocol violations
          packet 34206
        class HACKBLOCK_FILTER
          log, packet 0
enp-amer-clt-pix525-a#
I am generating bogus traffic to http://www.<ourdomain>.com/admin/test.jsp
Any idea what's going on here and why I am not matching the HTTP URIs?
Thanks,
Matthias  CCIE# 28445

I get hits on the ACL.  The issue is that the HTTP inspection does not seem to function.  Just for my own understanding, the global policy will match inbound traffic arriving on the outside interface, right?
access-list HACKBLOCK_HOSTS line 1 extended permit ip any 66.192.168.0 255.255.255.0 (hitcnt=65138) 0x6402ac20
enp-amer-clt-pix525-a# sh access-list HACKBLOCK_HOSTS
access-list HACKBLOCK_HOSTS; 1 elements
access-list HACKBLOCK_HOSTS line 1 extended permit ip any 66.192.168.0 255.255.255.0 (hitcnt=65245) 0x6402ac20
enp-amer-clt-pix525-a# sh access-list HACKBLOCK_HOSTS
access-list HACKBLOCK_HOSTS; 1 elements
access-list HACKBLOCK_HOSTS line 1 extended permit ip any 66.192.168.0 255.255.255.0 (hitcnt=65285) 0x6402ac20
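The following is an added example, not part of Matthias's post, for checking a candidate regex off-box before binding it to a class-map. It uses Python's re module; the assumption (also stated in the comments) is that the PIX/ASA regex engine follows the same POSIX-style rules the regex command documents (., *, ?, [^ ], \, $) and searches the URI unanchored unless ^ or $ is used. Two things about the posted pattern stand out under those rules: the leading * has no character to repeat, and \.jsp* means \.js followed by zero or more p, so it would also match .js and .jspx. The sample URIs are constructed for the example; only /admin/test.jsp comes from the post.

```python
import re

# Constructed sample request URIs for the example (not taken from the original post,
# except /admin/test.jsp, which the post says was used for the bogus test traffic).
SAMPLE_URIS = [
    "/admin/test.jsp",          # the poster's test request
    "/XXX/admin/XXX.jsp",       # shape of the path the post wants to block
    "/admin/test.jsp?id=1",     # same page with a query string
    "/admin/test.JSP",          # same page, different case
    "/admin/app.js",            # JavaScript, not a JSP: must not match
    "/admin/page.jspx",         # JSPX, not plain .jsp: must not match
    "/images/admin/logo.png",   # /admin/ in the path but not a JSP
]

# As posted. Under POSIX-style regex rules (assumed here to be what the PIX/ASA
# 'regex' command implements) the leading '*' has no preceding character to repeat.
POSTED = r"*/admin/.*\.jsp*"

# The posted pattern minus the leading '*', to show the second defect in isolation:
# '\.jsp*' is '\.js' followed by zero or more 'p', so .js and .jspx also match.
POSTED_NO_STAR = r"/admin/.*\.jsp*"

# A tighter pattern: any path containing /admin/, a file name without '?' characters,
# a literal .jsp, then an optional query string, anchored at the end of the URI.
FIXED = r".*/admin/[^?]*\.jsp(\?.*)?$"

# The regex command has no case-insensitive flag, so case folding has to be spelled
# out with bracket expressions if mixed-case requests should also be caught.
FIXED_CI = r".*/[Aa][Dd][Mm][Ii][Nn]/[^?]*\.[Jj][Ss][Pp](\?.*)?$"


def compile_or_none(pattern):
    """Return a compiled regex, or None if the pattern is not valid."""
    try:
        return re.compile(pattern)
    except re.error:
        return None


def matches(pattern, uris):
    """Return the subset of uris the pattern matches (unanchored search, which is
    assumed to be how 'match request uri regex' evaluates it), or None if the
    pattern is invalid."""
    rx = compile_or_none(pattern)
    if rx is None:
        return None
    return [u for u in uris if rx.search(u)]


def report(pattern, uris):
    """Human-readable summary for a pattern against the sample URIs."""
    hits = matches(pattern, uris)
    if hits is None:
        return f"{pattern!r}: INVALID (nothing to repeat)"
    return f"{pattern!r}: matches {hits}"


if __name__ == "__main__":
    for p in (POSTED, POSTED_NO_STAR, FIXED, FIXED_CI):
        print(report(p, SAMPLE_URIS))
```

On the appliance itself, `test regex <input> <pattern>` exercises a pattern the same way before it is bound to a class-map, and `show service-policy inspect http` (as in the output above) shows per-class hit counts afterwards. Separately, the posted class-map XXXXTWBLOCK matches access-list HACKBLOCK_HOSTS, which permits ip any to the /24, so every connection to that subnet, not only TCP/80, is handed to the HTTP inspector; non-HTTP traffic reaching the inspector is one plausible source of the protocol violations counter in the output. A class matching tcp any to the subnet eq 80 keeps the inspector on actual HTTP.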

Similar Messages

  • Cisco pix 525 and 515 cannot archive configuration in LMS 3.0.1

    Hi,
    We have several Cisco PIX 525 and 515 that cannot archive configuration in LMS 3.0.1.
    Any help would be greatly appreciated.
    Thanks in advance
    Samir

    Hi,
    Here is the output.
    *** Device Details for  ***
    Protocol ==> Unknown / Not Applicable
    Selected Protocols with order ==> TFTP,SSH,HTTPS
    Execution Result:
    RUNNING
    CM0151 PRIMARY RUNNING Config fetch failed for ********* Cause: SSH: Failed to establish SSH connection to 10.192.18.10 - Cause: Authentication failed on device 3 times.
    Action: Check if protocol is supported by device and required device package is installed. Check device credentials. Increase timeout value, if required.
    But when I do mangement station to Device  it gives me following results:
    Interface Found:  10.192.18.10
    Status:  UP
    Test Results
    UDP     Failed
          sent: 5 recvd: 0 min: 0 max: 0 avg: 0 timeout: 2 size: 64 protocol: udp port: 7
    TCP     Failed
          sent: 0 recvd: 0 min: 0 max: 0 avg: 0 timeout: 0 size: 0 protocol: tcp port: 7
    HTTP     Failed
          sent: 0 recvd: 0 min: 0 max: 0 avg: 0 timeout: 2 size: 33 protocol: http port: 80
    TFTP     Failed
          sent: 5 recvd: 0 min: 0 max: 0 avg: 0 timeout: 2 size: 25 protocol: tftp port: 69
    SNMPRv2c(Read)     Okay
         sent: 5 recvd: 5 min: 0 max: 0 avg: 0 timeout: 2 min_size: 1472 protocol: snmpv3_get port: 0
    SNMPWv2c(Write)     Failed
          sent: 5 recvd: 0 min: 0 max: 0 avg: 0 timeout: 2 min_size: 1472 protocol: snmpv3_set port: 0
    SSHv2     Failed
    TELNET     Okay
    Waiting for your reply.
    Samir

  • Cisco Pix 525 VPN - iPhone/iPad won't connect

    Hi,
    I have one of the most basic configurations on a PIX 525 with remote access enabled. I am able to connect from a desktop machine running the Cisco VPN client, but for some reason I can't get my iPhone or iPad to connect to my VPN. I get the error message stating 'the server did not respond'.
    I am running IOS 8.0.4 and I have a 3DES license, which is required from what I understand.
    I'm starting to think that this really is in the configuration. Could it be the transform set specification?
    Can someone shed some light on this subject?
    Below is close to the current configuration, but it's not exact; some things in it were corrected, so ignore them. It is the best I have, since I am away for the holiday. It should give insight into any areas that might be part of the problem.
    thcvpn01(config)# show config
    : Saved
    : Written by enable_15 at 07:33:33.113 UTC Fri Nov 8 2013
    PIX Version 8.0(4)
    hostname thcvpn01
    domain-name somewhere.net
    enable password* encrypted
    passwd * encrypted
    names
    interface Ethernet0
    nameif outside
    security-level 0
    ip address dhcp setroute
    interface Ethernet1
    nameif inside
    security-level 100
    ip address 10.1.1.1 255.255.255.0
    interface Ethernet2
    shutdown
    no nameif
    no security-level
    no ip address
    interface Ethernet3
    shutdown
    no nameif
    no security-level
    no ip address
    interface Ethernet4
    shutdown
    no nameif
    no security-level
    no ip address
    interface Ethernet5
    shutdown
    no nameif
    no security-level
    no ip address
    ftp mode passive
    dns domain-lookup outside
    dns domain-lookup inside
    dns server-group DefaultDNS
    name-server 208.67.222.222
    name-server 208.67.222.220
    domain-name somewhere.net
    same-security-traffic permit intra-interface
    object-group icmp-type ICMPObject
    icmp-object echo-reply
    icmp-object source-quench
    icmp-object time-exceeded
    icmp-object unreachable
    access-list outside_access_in extended permit icmp any any object-group ICMPObject
    access-list inside-nat0 extended permit ip 10.1.1.0 255.255.255.0 10.1.2.0 255.255.255.0
    access-list SPLIT-TUNNEL standard permit 10.1.1.0 255.255.255.0
    pager lines 24
    logging asdm informational
    mtu outside 1500
    mtu inside 1500
    ip local pool ThcIPPool 10.1.2.1-10.1.2.50 mask 255.255.255.0
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    nat-control
    global (outside) 101 interface
    nat (outside) 101 10.1.2.0 255.255.255.0 outside
    nat (inside) 0 access-list inside-nat0
    nat (inside) 101 10.0.0.0 255.0.0.0
    access-group outside_access_in in interface outside
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    dynamic-access-policy-record DfltAccessPolicy
    http server enable
    http 10.1.1.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set THCTransformSet esp-3des esp-md5-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto dynamic-map THCDynamicMap 1 set transform-set THCTransformSet
    crypto dynamic-map THCDynamicMap 1 set security-association lifetime seconds 28800
    crypto dynamic-map THCDynamicMap 1 set security-association lifetime kilobytes 4608000
    crypto dynamic-map THCDynamicMap 1 set reverse-route
    crypto map THCCryptoMap 1 ipsec-isakmp dynamic THCDynamicMap
    crypto map THCCryptoMap interface outside
    crypto isakmp enable outside
    crypto isakmp policy 1
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 43200
    crypto isakmp policy 65535
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto isakmp nat-traversal 30
    telnet timeout 5
    ssh 0.0.0.0 0.0.0.0 outside
    ssh timeout 5
    ssh version 2
    console timeout 0
    dhcpd address 10.1.1.50-10.1.1.254 inside
    dhcpd dns 208.67.222.222 208.67.222.220 interface inside
    dhcpd enable inside
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    group-policy THCVpnGroup internal
    group-policy THCVpnGroup attributes
    dns-server value 208.67.222.222 208.67.222.220
    vpn-tunnel-protocol IPSec
    split-tunnel-policy tunnelall
    username [username] password [password] encrypted
    tunnel-group THCVpnGroup type remote-access
    tunnel-group THCVpnGroup general-attributes
    address-pool ThcIPPool
    default-group-policy THCVpnGroup
    tunnel-group THCVpnGroup ipsec-attributes
    pre-shared-key *
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
    message-length maximum 512
    policy-map global_policy
    class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect netbios
    inspect rsh
    inspect rtsp
    inspect skinny
    inspect esmtp
    inspect sqlnet
    inspect sunrpc
    inspect tftp
    inspect sip
    inspect xdmcp
    inspect icmp
    inspect icmp error
    service-policy global_policy global
    prompt hostname context
    Cryptochecksum:d57ad5e7f32936cf000c4be69d4385cb
    thcvpn01(config)#
    jeff

    Hi,
    As a primary note, the people at Apple's Genius Bar are not geniuses. They do not know the following, so if you found your way here, awesome.
    The correct answer is that the iPhone and iPad only support AES. You have to modify the crypto map to use AES as well as modify the ISAKMP service to use AES. I believe it supports all AES options: AES, AES 192 and AES 256.
    In all of the frustration, do not, as I did, forget that your username is case sensitive.
    jeff

  • Cisco pix 525 land attack

    Good morning,
    I have a message on my PIX 525 that someone is spoofing a server in my DMZ. How can I prevent spoofing attacks? It goes something like this: Deny IP due to Land Attack from 10.10.8.1 to 10.10.8.1

    The thing is that i have exhaustion of resources. How can i stop that?

  • Pix 525 Boot rom?

    I was wondering if someone can tell me how to upgrade a Cisco Pix 525 boot rom from 4.0 to 4.3. Is it a physical chip or software upgrade? Is it needed to upgrade to latest IOS on Cisco Pix 525 to 8.0. Where can I find more information on it?  Thanks in advance

    This link should help you
    http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094a5d.shtml
    Regards,
    Sachin

  • Cisco WSA https inspection capability?

    Hello, 
    Does a Cisco WSA have the capability of inspecting HTTPS traffic like Internet proxy servers do?

    yes.
    Here's a doc on how to set up the WSA, it has a section on doing HTTPS:
    https://supportforums.cisco.com/sites/default/files/attachments/discussion/sba_mid_bn_websecuritydeploymentguide-h1cy11_1.pdf

  • PIX 525 administration

    I'm new to this forum so send me along if this sounds like nonsense. I have a SecurePIX 525 (s/w v6.3(4)) in my production environment. Is there a GUI management tool for the PIX and if so, how do I go about setting it up? Thanks.

    Hi Sean
    You can ask any question in these forums whether or not it's nonsense :)
    Yes, there is a GUI management tool; it's called PIX Device Manager, and for your version of software you need v3 of PDM. You may well find the actual software is on your PIX already.
    Attached is a link to a doc on installing and configuring PDM
    http://www.cisco.com/en/US/docs/security/pix/pix63/pdm30/installation/guide/pdm_ig.html
    HTH
    Jon

  • Bandwidth Allocation for a specific VPN Tunnel - PIX 525 7.2(1)

    Hello,
    I have a PIX with a 10 Mb internet connection. This PIX has several L2L VPN tunnels configured: Tunnel1, Tunnel2...TunnelN. I want to be able to guarantee 5 Mb of the total 10 Mb to a specific VPN tunnel. Is this possible? I have read the following links; however, I believe that the configuration guidelines I'm looking for are a combination of several examples shown here:
    http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008080dfa7.shtml#tab4
    https://supportforums.cisco.com/docs/DOC-1230
    http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008084de0c.shtml#cqos
    The tunnel is being defined by the following commands:
    crypto map prdmay 20 match address vpn_1
    crypto map prdmay 20 set peer 61.172.142.222
    crypto map prdmay 20 set transform-set TS
    access-list vpn_1 extended permit ip 10.14.102.0 255.255.255.0 any
    access-list vpn_1 extended permit ip 10.14.101.0 255.255.255.0 any
    tunnel-group 61.172.142.222 type ipsec-l2l
    tunnel-group 61.172.142.222 ipsec-attributes
    pre-shared-key *
    Is the following what I need to do in order to accomplish what I want:
    priority-queue outside
    class-map vpn_5Mb
    match access-list vpn_1
    match tunnel-group 61.172.142.222
    policy-map police-priority-policy
    class vpn_5Mb
    police output 5120000
    service-policy police-priority-policy interface outside
    Thank you for your help.

    I don't think the ASA will let you match on ACL and tunnel group at the same time.
    Just the ACL will do though. The ACL should match local IP addresses (these are usually no-natted for the VPN anyway).
    Here is a page with a QoS examples on the ASA for reference https://supportforums.cisco.com/docs/DOC-1230
    I hope it helps.
    PK

  • Max no of VPNs on a cisco PIX

    Hi all,
    In our head office we have a pix506e and we have numerous remote offices with 877s. Each remote office has a site-site VPN connection to the PIX.
    The problem I'm having we recently added 8 new sites, only half of which work. They will all form IPsec tunnels, but you cannot ping through them.
    Chatting to a colleague he seems to think that each VPN uses 2 "peer" licenses and hence we will only get a max of 12 concurrent VPN connections.
    Can anyone confirm that this is the case?

    max number L2L tunnels on PIX506 is 25
    http://www.cisco.com/web/partners/downloads/765/tools/quickreference/vpn_performance_eng.pdf

  • PIX 525 UR With 1 4-Port FE, 1 VPN Accel Card

    Good day;
    I have a PIX 525 Unrestricted with failover.
    802.bin IOS
    There is 1 4-port FE and a VPN Accelerator card installed in each unit.
    I tried to install a second 4-port FE in both prime and secondary units and the following is the result.
    Once I power up both units the second 4-port FE mimics the first one. Although there are no physical connections to the second 4-port FE's, the port lights on the second FE's light up as the ones on the first 4-port FE.
    Example:
    1st 4-port FE
    Fa0/2 - physical connection - Light on
    Fa0/3 - no physical connection - Light off
    Fa0/4 - physical connection - Light on
    Fa0/5 - no physical connection - Light off
    2nd 4-port FE
    Fa0/6 - no physical connection - Light on
    Fa0/7 - no physical connection - Light off
    Fa0/8 - no physical connection - Light on
    Fa0/9 - no physical connection - Light off
    Also, when the second card is installed the first card will not function and this sets both PIX's as active.
    I'm somewhat baffled.

    Hi;
    Here's the show version.
    As you will see, it allows for 10 physical interfaces.
    I'm scratching my head over this one.
    Cisco PIX Security Appliance Software Version 8.0(2)
    Device Manager Version 6.0(2)
    Compiled on Fri 15-Jun-07 18:25 by builders
    System image file is "flash:/pix802.bin"
    Config file at boot was "startup-config"
    MHCPPIX1 up 27 days 22 hours
    failover cluster up 93 days 1 hour
    Hardware: PIX-525, 256 MB RAM, CPU Pentium III 600 MHz
    Flash E28F128J3 @ 0xfff00000, 16MB
    BIOS Flash AM29F400B @ 0xfffd8000, 32KB
    Encryption hardware device : VAC+ (Crypto5823 revision 0x1)
    0: Ext: Ethernet0 : address is 0011.924b.dd31, irq 10
    1: Ext: Ethernet1 : address is 0011.924b.dd32, irq 11
    2: Ext: Ethernet2 : address is 000d.88ee.5d70, irq 11
    3: Ext: Ethernet3 : address is 000d.88ee.5d71, irq 10
    4: Ext: Ethernet4 : address is 000d.88ee.5d72, irq 9
    5: Ext: Ethernet5 : address is 000d.88ee.5d73, irq 5
    Licensed features for this platform:
    Maximum Physical Interfaces : 10
    Maximum VLANs : 100
    Inside Hosts : Unlimited
    Failover : Active/Active
    VPN-DES : Enabled
    VPN-3DES-AES : Enabled
    Cut-through Proxy : Enabled
    Guards : Enabled
    URL Filtering : Enabled
    Security Contexts : 2
    GTP/GPRS : Disabled
    VPN Peers : Unlimited
    This platform has an Unrestricted (UR) license.

  • Cisco 871W eZVPN is unable to connect Cisco PIX vpn server

    crypto ipsec client ezvpn TEST
     connect auto
     group Cisco key cisco123
     mode client
     peer 172.1.1.1
     xauth userid mode interactive
    interface FastEthernet4
     ip address 10.1.1.1 255.255.255.0
     ip access-group 101 in
     ip nat outside
     crypto ipsec client ezvpn TEST
    interface Vlan1
     ip address 192.168.1.1 255.255.255.0
     ip access-group 100 out
     ip nat inside
     crypto ipsec client ezvpn TEST inside
    ip route 0.0.0.0 0.0.0.0 192.168.1.254
    ip nat inside source route-map EzVPN1 interface FastEthernet4 overload
    access-list 100 permit ip any any
    access-list 101 permit ip any any
    access-list 103 permit ip 192.168.1.0 0.0.0.255 any
    route-map EzVPN1 permit 1
     match ip address 103
    These are the following commands I applied in my Router, It is able to connect but unable to access any other servers. The same user name & password I tried with the VPN dialer it works on my Laptop. Anything I am missing on the router configuration. The VPN server is Cisco PIX 515E.
    Cisco IOS on 871W is 12.3(8)Y12

    1) Isn't your default route supposed to be pointing towards the external interface?
    ip route 0.0.0.0 0.0.0.0 192.168.1.254 ?
    2) Can you change the 'mode client' to 'mode network-extension'. Also the PIX will need 'nem enable'.
    Have a look at the following (I'm assuming you already have as your config seems to be similar):
    http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080809222.shtml
    For old 6.x code on PIX, have a look at:
    http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080241a0d.shtml
    Regards
    Farrukh

  • Cisco PIX to Cisco ASA Migration Tool

    Hello,
    I appreciate any help to download the The Cisco PIX to ASA migration tool referred at
    http://www.cisco.com/en/US/partner/docs/security/asa/migration/release/notes/pix2asarn.html#wp39336
    Thanks in Advance
    Francisco Almeida

    As a registered user, go to the download page for Pix Software here.
    Navigate on the menu tree to "Version 1.0" and you should see the software available to download:

  • Amazon S3 Backup with Cisco PIX 501 Router - slowww

    We are in the process of setting up an Amazon S3 network backup of the NAS server we have in our office.  We are using a Synology NAS to back up to Amazon S3, and we use a Cisco PIX 501 to secure our network.  The backup from the NAS to Amazon is going painfully slowly, so I contacted Synology to resolve the issue.  After they examined everything, they think the router is filtering outbound traffic, and this is causing the upload to slow down.  I was told the upload should happen over HTTP and HTTPS, and I made sure these ports were open through the Access Rules.  There are no rules defined in the Filter Settings.
    I looked at the settings with the PDM, and I can't find where the filtering would be. Does someone have any insight to what could be happening?   I'm not too familiar with the PIX or all the network settings involved.
    Thanks!

    Thank you for your question.  This community is for Cisco Small Business products and your question is in reference to a Cisco Elite/Classic product.  Please post your question in the Cisco NetPro forums located here:
    - Wireless ----> Wireless - Mobility http://forum.cisco.com/eforum/servlet/NetProf;jsessionid=E0EEC3D9CB4E5165ED16933737822748.SJ3A?page=Wireless_-_Mobility_discussion
      This forum has subject matter experts on Cisco Elite/Classic products that may be able to answer your question.
    THANKS

  • Cisco PIX 501 to Cisco Concentrator 3005 via Remote Access

    Hello folks,
    I need your help.
    We have a Cisco PIX 501 in one location and this PIX is configured for PPPoE dial-out. The PIX connects itself to the internet via the PPPoE client. A ping to an official IP works well.
    So what I want to do is establish a VPN tunnel between this PIX and a Cisco 3005 concentrator.
    But I was not successful in establishing it.
    Here is the PIX config. The ACLs are only for testing and will be replaced if it works.
    PIX Version 6.3(4)
    interface ethernet0 10baset
    interface ethernet1 100full
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    enable password xxx
    passwd xxx
    hostname PIX-AU
    domain-name araukraine.ua
    fixup protocol dns maximum-length 512
    fixup protocol ftp 21
    fixup protocol h323 h225 1720
    fixup protocol h323 ras 1718-1719
    fixup protocol http 80
    fixup protocol ils 389
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol sip 5060
    fixup protocol sip udp 5060
    fixup protocol skinny 2000
    fixup protocol smtp 25
    fixup protocol sqlnet 1521
    fixup protocol tftp 69
    names
    access-list outside permit ip any any
    access-list inside_access_in permit ip any any
    pager lines 24
    logging on
    logging monitor warnings
    logging buffered warnings
    mtu outside 1456
    mtu inside 1456
    ip address outside pppoe setroute
    ip address inside 192.168.x.x 255.255.255.0
    ip audit info action alarm
    ip audit attack action alarm
    pdm location 192.168.x.x 255.255.255.224 inside
    pdm logging warnings 500
    pdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 1 0.0.0.0 0.0.0.0 0 0
    access-group outside in interface outside
    access-group inside_access_in in interface inside
    timeout xlate 0:05:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
    timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server TACACS+ max-failed-attempts 3
    aaa-server TACACS+ deadtime 10
    aaa-server RADIUS protocol radius
    aaa-server RADIUS max-failed-attempts 3
    aaa-server RADIUS deadtime 10
    aaa-server LOCAL protocol local
    aaa authentication ssh console LOCAL
    http server enable
    http 192.168.x.x 255.255.x.x inside
    no snmp-server location
    no snmp-server contact
    snmp-server community public
    no snmp-server enable traps
    floodguard enable
    telnet 192.168.x.x 255.255.x.x inside
    telnet timeout 5
    ssh 194.39.97.0 255.255.255.0 outside
    ssh timeout 5
    management-access inside
    console timeout 0
    vpdn group pppoe_group request dialout pppoe
    vpdn group pppoe_group localname [email protected]
    vpdn group pppoe_group ppp authentication pap
    vpdn username [email protected] password *********
    encrypted privilege 15
    vpnclient server 212.xx.xx.xx
    vpnclient mode network-extension-mode
    vpnclient vpngroup vpntest password ********
    vpnclient username pixtest password ********
    terminal width 80
    On the concentrator I created a user pixtest, a group vpntest, and I've created rules for the network, e.g. which servers the users behind the PIX will be able to access.
    And that's all.
    I could not send you the output of either the PIX or the concentrator because I did not get an error or a message that the tunnel will be established.
    What can be wrong ?
    Thanks for the replies

    This sample configuration demonstrates how to form an IPsec tunnel from a PC that runs the Cisco VPN Client (4.x and later) to a Cisco VPN 3000 Concentrator to enable the user to securely access the network inside the VPN Concentrator.
    http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_example09186a008026f96c.shtml

  • Cisco Pix 501 - Need help with VPN passthrough

    Greetings!
    Currently I have a Cisco Pix 501 version 6.3(1) which is in front of my Windows Server 2008 box. I am fairly new to firewalling, especially with the Cisco Pix; I have been able to accomplish some port forwarding for CCTV camera software, etc. but am coming to a standstill attempting to connect a company laptop (Windows 7 Professional) to the server via VPN.
    Previously we had another facility which was able to connect through VPN but it has since been removed (and always seemed to not be very stable to begin with - though it was connecting to a Server 2003 box rather than 2008).
    I have been through several articles both here and on other forums and have attempted several of the proposed fixes. I'm almost sure at this point I've probably opened up more of my firewall than necessary and may have duplicate information from attempting to complete this passthrough. My Server 2008 resides at 192.168.1.15; below is what I have thus far. The "crypto map" sections were all completed long before I took over; I believe this is how the old VPN was set up. What I have added since beginning this endeavour is the "fixup protocol pptp 1723", the "access-list" entries relating to both pptp and gre, and the "static (inside, outside)" relating to the pptp.
    I am still continuously getting an error on the laptop of "800" whenever I try to connect to the VPN. Any help would be greatly appreciated as I am rapidly losing hair attempting to get this situated.
    : Saved
    PIX Version 6.3(1)
    interface ethernet0 auto
    interface ethernet1 100full
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    enable password RysZD25GpRAOMhF. encrypted
    passwd 0I6TSwviLDtVwaTr encrypted
    hostname Lorway-PIX
    domain-name lorwayco.com
    fixup protocol ftp 21
    fixup protocol ftp 22
    fixup protocol h323 h225 1720
    fixup protocol h323 ras 1718-1719
    fixup protocol http 80
    fixup protocol ils 389
    fixup protocol pptp 1723
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol sip 5060
    fixup protocol sip udp 5060
    fixup protocol skinny 2000
    no fixup protocol smtp 25
    fixup protocol sqlnet 1521
    names
    access-list 80 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
    access-list 80 permit ip 192.168.1.0 255.255.255.0 192.168.4.0 255.255.255.0
    access-list outside_access_in permit icmp any any
    access-list outside_access_in permit tcp any any eq 50000
    access-list outside_access_in permit udp any any eq 50000
    access-list outside_access_in permit tcp any any eq smtp
    access-list outside_access_in permit tcp any any eq www
    access-list outside_access_in permit tcp host 66.242.236.26 any eq smtp
    access-list outside_access_in permit tcp host 208.21.46.12 any eq smtp
    access-list outside_access_in permit tcp host 68.59.232.176 any eq smtp
    access-list outside_access_in permit tcp any any eq pop3
    access-list outside_access_in permit tcp any any eq https
    access-list outside_access_in permit tcp any any eq ftp
    access-list outside_access_in permit tcp host 68.53.192.139 any eq smtp
    access-list outside_access_in permit tcp any any eq ftp-data
    access-list outside_access_in permit tcp any any eq 1009
    access-list outside_access_in permit tcp any host 192.168.1.122 eq 7000
    access-list outside_access_in permit tcp host 192.168.1.122 any eq 7000
    access-list outside_access_in permit tcp any any eq 7000
    access-list outside_access_in permit tcp any any eq pptp
    access-list outside_access_in permit gre any any
    access-list 10 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
    access-list 20 permit ip 192.168.1.0 255.255.255.0 192.168.4.0 255.255.255.0
    access-list 30 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
    pager lines 24
    mtu outside 1500
    mtu inside 1500
    ip address outside 74.221.188.249 255.255.255.0
    ip address inside 192.168.1.1 255.255.255.0
    ip audit info action alarm
    ip audit attack action alarm
    pdm logging informational 100
    pdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 0 access-list 80
    nat (inside) 1 0.0.0.0 0.0.0.0 0 0
    static (inside,outside) tcp interface 3389 192.168.1.15 3389 netmask 255.255.255.255 0 0
    static (inside,outside) tcp interface 50000 192.168.1.160 50000 netmask 255.255.255.255 0 0
    static (inside,outside) udp interface 50000 192.168.1.160 50000 netmask 255.255.255.255 0 0
    static (inside,outside) tcp interface smtp 192.168.1.15 smtp netmask 255.255.255.255 0 0
    static (inside,outside) tcp interface https 192.168.1.15 https netmask 255.255.255.255 0 0
    static (inside,outside) tcp interface www 192.168.1.15 www netmask 255.255.255.255 0 0
    static (inside,outside) tcp interface pop3 192.168.1.15 pop3 netmask 255.255.255.255 0 0
    static (inside,outside) tcp interface 7000 192.168.1.122 7000 netmask 255.255.255.255 0 0
    static (inside,outside) tcp interface pptp 192.168.1.15 pptp netmask 255.255.255.255 0 0
    access-group outside_access_in in interface outside
    route outside 0.0.0.0 0.0.0.0 74.221.188.1 1
    timeout xlate 0:05:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
    timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server RADIUS protocol radius
    aaa-server LOCAL protocol local
    http server enable
    http 192.168.1.0 255.255.255.0 inside
    snmp-server host inside 192.168.1.118
    no snmp-server location
    no snmp-server contact
    snmp-server community public
    snmp-server enable traps
    floodguard enable
    sysopt connection permit-ipsec
    sysopt connection permit-pptp
    sysopt connection permit-l2tp
    crypto ipsec transform-set lorway1 esp-3des esp-sha-hmac
    crypto map lorwayvpn 30 ipsec-isakmp
    crypto map lorwayvpn 30 match address 30
    crypto map lorwayvpn 30 set peer 66.18.55.250
    crypto map lorwayvpn 30 set transform-set lorway1
    crypto map lorwayvpn interface outside
    isakmp enable outside
    isakmp key ******** address 66.18.50.178 netmask 255.255.255.255
    isakmp key ******** address 66.18.55.250 netmask 255.255.255.255
    isakmp identity address
    isakmp nat-traversal 20
    isakmp policy 9 authentication pre-share
    isakmp policy 9 encryption 3des
    isakmp policy 9 hash sha
    isakmp policy 9 group 2
    isakmp policy 9 lifetime 86400
    telnet timeout 5
    ssh 0.0.0.0 0.0.0.0 outside
    ssh 0.0.0.0 0.0.0.0 inside
    ssh timeout 60
    console timeout 0
    dhcpd lease 3600
    dhcpd ping_timeout 750
    dhcpd auto_config outside
    terminal width 80
    Cryptochecksum:5c7b250c008519fe970262aa3bc28bb5
    : end

    Config looks good to me.
    I would actually upgrade your PIX to the latest version of 6.3.x if you still have access to the software center as this PIX is on its EOL and you are running an extremely old version of code.
    If you place your Windows server bypassing the PIX temporarily, I assume you are able to connect to the VPN?
