PIX 501 issues with 'old' config

Unanswered Question
May 21st, 2007


I'm trying to set up a PIX501 as an EasyVPN client. This device has been used to test some stuff with dedicated IPsec connections but now I want it back to an EasyVPN connection.

When I fill in all the EasyVPN settings

vpnclient server 213.x.x.x

vpnclient vpngroup xxx password yyy

vpnclient username xxx password yyy

vpnclient mode network-extension-mode

As soon as I hit "vpnclient enable" I get the following error:

A pre-shared key for address 213.x.x.x netmask already exists!

ERROR: PIX Easy VPN Remote configuration failed. Required parameters are not configured.

I've searched on the internet and tried to remove the key:

no isakmp key *** address 213.x.x.x

which gives the error:

Pre-shared key not found for address 213.x.x.x netmask

Then I tried "clear mem" and set everything up again; still the same.

How can I clear this preshared key which I cannot see in the running-configuration...

Please help!

ggilbert Mon, 05/21/2007 - 18:07

Have you tried to reboot the PIX firewall and then issue the command "vpnclient enable"?

Make sure you do not have any commands starting with "isakmp". If you do, please take them out and run "sh cry isakmp".



marketgraph Tue, 05/22/2007 - 00:33

Thanks for your suggestions, but "show crypto isakmp" returns nothing (there are no isakmp lines in the config at all!) and I've probably reloaded the PIX over a hundred times ;)

ggilbert Tue, 05/22/2007 - 01:26

How about you change the IP address on the vpnclient server command and then issue vpnclient enable?

I am sure the PIX will take that command. Now remove the whole config of the vpnclient and then re-add it with the proper server IP.

Let me know how it goes.



marketgraph Tue, 05/22/2007 - 01:51

Tried that, and true, the PIX doesn't complain upon changing the IP address. After that, I did a "no vpnclient (vpngroup/server/username/mode)" (so "show vpnclient" reported nothing), saved the configuration and reloaded the PIX. Set it up again, and as soon as I do the "vpnclient enable", same error.

ggilbert Tue, 05/22/2007 - 02:01

Weird!! - Let's try this...

Copy and paste the config into Notepad, except for the password.

Would it be possible for you to do a "wr erase" & reload? Copy and paste the config from Notepad to the PIX.

Make sure you are on console - wr erase will disable telnet or ssh access. :)

Then try your vpnclient command, see how it works out.

Or have you even tried this scenario?



marketgraph Tue, 05/22/2007 - 02:16

I've already done a write erase and reloaded back to the default configuration. Updated all configuration options and still the same error.

So I've got no idea at all why it still keeps complaining about this error. Maybe some file in the flash is broken or...

