05-31-2007 02:10 AM
Hi
how can I specify the hostname if the default is isakmp identity choosen (hostname) ?
And again, I have different peers configured on my PIX, may I use for some identity address and for other hostname ?
Tks
Ric
05-31-2007 05:28 AM
Ric,
"isakmp identity hostname" is used for certificates matching the FQDN.
If you are not using certificates but pre-shared keys, then it would be "isakmp identity address"
Hope this helps.
Cheers
Gilbert
06-01-2007 12:01 AM
Thanks Gilbert
what I want to do is use for some peers hostname and for other address.
I'm running Cisco PIX Firewall Version 6.3(4)
Greetings
Ric
06-01-2007 12:26 AM
Ric,
Its a catch 22 situation if you are running 6.3.4 version of code. If it was 7.x, then the keyword auto would do the trick for you.
But since you are running 6.3.4, it would just be either address or hostname configuration.
Sorry!!
Rate this post, if it answered your questions.
Gilbert
06-01-2007 05:00 AM
You can use the command below. I use this to match specific tunnel groups for remote pix's connecting to my main site.
isakmp identity key-id AnyValueHere
Thanks,
Chad
Please rate if this helps!
06-01-2007 05:14 AM
Chad,
The PIX version being used here is 6.3.4
Tunnel-groups were introduced in 7.x version of code.
Just my thought.
Cheers
Gilbert
06-01-2007 05:29 AM
So True!
Was thinking of vpngroups with easyvpn.
Thanks
Chad
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide