Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
607
Views
0
Helpful
6
Replies

PIX 501 issues with 'old' config

marketgraph
Level 1
Level 1

‎05-21-2007 05:15 AM - edited ‎02-21-2020 01:31 AM

Hi,

I'm trying to setup a PIX501 as an EasyVPN client. This device has been used to test some stuff with dedicated ipsec connections but now I want it back to an EasyVPN connection.

When I fill in all the EasyVPN settings

vpnclient server 213.x.x.x

vpnclient vpngroup xxx password yyy

vpnclient username xxx password yyy

vpnclient mode network-extension-mode

As soon as I hit "vpnclient enable" I get the following error:

A pre-shared key for address 213.x.x.x netmask 255.255.255.255 already exists!

ERROR: PIX Easy VPN Remote configuration failed. Required parameters are not configured.

I've search on the internet and tried to remove the key:

no isakmp key *** address 213.x.x.x

which gives the error:

Pre-shared key not found for address 213.x.x.x netmask 255.255.255.255

Then I tried "clear mem" resetup everything, still the same.

How can I clear this preshared key which I cannot see in the running-configuration...

Please help!

0 Helpful
6 Replies 6

ggilbert
Cisco Employee
Cisco Employee

‎05-21-2007 06:07 PM

Have you tried to reboot the PIX firewall and then issue the command "vpnclient enable"

Make sure you do not have the command starting with "isakmp", if you do - please take them out and "sh cry isakmp"

Cheers

Gilbert

0 Helpful

marketgraph
Level 1
Level 1
In response to ggilbert

‎05-22-2007 12:33 AM

Thanks for your suggestions, but "show crypto isakmp" returns nothing (there are no isakmp lines in the config at all!) and I've probably reloaded the PIX over a hundred times ;)

0 Helpful

ggilbert
Cisco Employee
Cisco Employee
In response to marketgraph

‎05-22-2007 01:26 AM

How about you change the IP address on the vpnclient server command and then issue vpnclient enable.

I am sure the PIX will take that command, now remove the whole config of the vpnclient and then re-add with the proper server IP.

Let me know how it goes.

Regards,

Gilbert

0 Helpful

marketgraph
Level 1
Level 1
In response to ggilbert

‎05-22-2007 01:51 AM

Tried that, and true the PIX doesn't complain upon chainging IP address. after that, it did a "no vpnclient (vpngroup/server/username/mode)" (so "show vpnclient" reported nothing, save the configuration and reloaded the pix. Set it up again, and as soon as I do the "vpnclient enable" same error.

0 Helpful

ggilbert
Cisco Employee
Cisco Employee
In response to marketgraph

‎05-22-2007 02:01 AM

Weird!! - Lets try this...

Copy and paste the config in note pad, except for the password.

Would it be possible if you do could "wr erase" & reload. Copy and paste the config from notepad to the PIX.

Make sure you are on console - wr erase will disable telnet or ssh access. :)

Then try your vpnclient command, see how it works out.

Or you even tried this scenario ?

Cheers

Gilbert

0 Helpful

marketgraph
Level 1
Level 1
In response to ggilbert

‎05-22-2007 02:16 AM

I've already did a write erase, and reload back to default configuration. Updated all configuration options and still the same error.

So I've got no idea at all why it still keeps complaining about this error. Maybe some file in the flash is broken or...

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card