PIX isakmp identity adddress vs hostname ?

Unanswered Question
May 31st, 2007
User Badges:

Hi

how can I specify the hostname if the default is isakmp identity choosen (hostname) ?


And again, I have different peers configured on my PIX, may I use for some identity address and for other hostname ?


Tks

Ric

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
ggilbert Thu, 05/31/2007 - 05:28
User Badges:
  • Cisco Employee,

Ric,


"isakmp identity hostname" is used for certificates matching the FQDN.


If you are not using certificates but pre-shared keys, then it would be "isakmp identity address"


Hope this helps.


Cheers

Gilbert

James Lasky Fri, 06/01/2007 - 00:01
User Badges:

Thanks Gilbert

what I want to do is use for some peers hostname and for other address.


I'm running Cisco PIX Firewall Version 6.3(4)


Greetings

Ric

ggilbert Fri, 06/01/2007 - 00:26
User Badges:
  • Cisco Employee,

Ric,


Its a catch 22 situation if you are running 6.3.4 version of code. If it was 7.x, then the keyword auto would do the trick for you.


But since you are running 6.3.4, it would just be either address or hostname configuration.


Sorry!!


Rate this post, if it answered your questions.


Gilbert

cpembleton Fri, 06/01/2007 - 05:00
User Badges:
  • Silver, 250 points or more

You can use the command below. I use this to match specific tunnel groups for remote pix's connecting to my main site.



isakmp identity key-id AnyValueHere


Thanks,

Chad


Please rate if this helps!

ggilbert Fri, 06/01/2007 - 05:14
User Badges:
  • Cisco Employee,

Chad,


The PIX version being used here is 6.3.4

Tunnel-groups were introduced in 7.x version of code.


Just my thought.


Cheers

Gilbert

cpembleton Fri, 06/01/2007 - 05:29
User Badges:
  • Silver, 250 points or more

So True!


Was thinking of vpngroups with easyvpn.


Thanks

Chad

Actions

This Discussion