PIX 7.0 to MS ISA 2006 VPN

Unanswered Question
May 14th, 2008

Strangely the ISA Server is using a dynamic crypto map instead of the crypto map that I have configured for it?

Anyone seen this before?

Have checked settings and both ISA and PIX are using same settings for Phases 1 and 2.

Has anybody actually setup a VPN between these two. Have read lots of theory but no evidence of it actually working?

Many thanks

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
smahbub Tue, 05/20/2008 - 06:21

Check if the command "crypto map map-name seq-num [ipsec-isakmp] [dynamic dynamic-map-name] [discover] [profile profile-name]" with "dynamic" option is used as this will make the dynamic map to be used instead of the crypto map configured.

Dynamic option specifies that this crypto map entry is to reference a preexisting dynamic crypto map. Dynamic crypto maps are policy templates used in processing negotiation requests from a peer IPSec device. If you use this keyword, none of the crypto map configuration commands will be available.

Try using "crypto map map-name seq-num [ipsec-manual]"

Refer teh following url for more information about this command:

http://www.cisco.com/en/US/docs/ios/12_3/security/command/reference/sec_c2g.html#wp1073142

Actions

This Discussion