PIX isakmp identity adddress vs hostname ?

James Lasky · ‎05-31-2007

Hi

how can I specify the hostname if the default is isakmp identity choosen (hostname) ?

And again, I have different peers configured on my PIX, may I use for some identity address and for other hostname ?

Tks

Ric

ggilbert · ‎05-31-2007

Ric,

"isakmp identity hostname" is used for certificates matching the FQDN.

If you are not using certificates but pre-shared keys, then it would be "isakmp identity address"

Hope this helps.

Cheers

Gilbert

James Lasky · ‎06-01-2007

Thanks Gilbert

what I want to do is use for some peers hostname and for other address.

I'm running Cisco PIX Firewall Version 6.3(4)

Greetings

Ric

ggilbert · ‎06-01-2007

Ric,

Its a catch 22 situation if you are running 6.3.4 version of code. If it was 7.x, then the keyword auto would do the trick for you.

But since you are running 6.3.4, it would just be either address or hostname configuration.

Sorry!!

Rate this post, if it answered your questions.

Gilbert

cpembleton · ‎06-01-2007

You can use the command below. I use this to match specific tunnel groups for remote pix's connecting to my main site.

isakmp identity key-id AnyValueHere

Thanks,

Chad

Please rate if this helps!

ggilbert · ‎06-01-2007

Chad,

The PIX version being used here is 6.3.4

Tunnel-groups were introduced in 7.x version of code.

Just my thought.

Cheers

Gilbert

cpembleton · ‎06-01-2007

So True!

Was thinking of vpngroups with easyvpn.

Thanks

Chad