PIX isakmp identity adddress vs hostname ?

Unanswered Question
May 31st, 2007

Hi

how can I specify the hostname if the default is isakmp identity choosen (hostname) ?

And again, I have different peers configured on my PIX, may I use for some identity address and for other hostname ?

Tks

Ric

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
ggilbert Thu, 05/31/2007 - 05:28

Ric,

"isakmp identity hostname" is used for certificates matching the FQDN.

If you are not using certificates but pre-shared keys, then it would be "isakmp identity address"

Hope this helps.

Cheers

Gilbert

James Lasky Fri, 06/01/2007 - 00:01

Thanks Gilbert

what I want to do is use for some peers hostname and for other address.

I'm running Cisco PIX Firewall Version 6.3(4)

Greetings

Ric

ggilbert Fri, 06/01/2007 - 00:26

Ric,

Its a catch 22 situation if you are running 6.3.4 version of code. If it was 7.x, then the keyword auto would do the trick for you.

But since you are running 6.3.4, it would just be either address or hostname configuration.

Sorry!!

Rate this post, if it answered your questions.

Gilbert

cpembleton Fri, 06/01/2007 - 05:00

You can use the command below. I use this to match specific tunnel groups for remote pix's connecting to my main site.

isakmp identity key-id AnyValueHere

Thanks,

Chad

Please rate if this helps!

ggilbert Fri, 06/01/2007 - 05:14

Chad,

The PIX version being used here is 6.3.4

Tunnel-groups were introduced in 7.x version of code.

Just my thought.

Cheers

Gilbert

Actions

This Discussion