Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
903
Views
0
Helpful
2
Replies

PIX 6.3.5 disabling Xauth and Modecfg for one peer

orbanattila
Level 1
Level 1

‎06-10-2008 12:32 AM - edited ‎02-21-2020 02:03 AM

Hi,

The PIX is used as Easy VPN server and L2L gateway in the same time. I have difficulties with a new L2L VPN (isakmp authentication rsa-sig) because the PIX sends Xauth and Modecfg requests and the peer (Linux box with OpenSwan) tries to interpret them (received MODECFG message when in state STATE_MAIN_I4, and we aren't xauth client) and the VPN setup fails after phase 1.

I tried to disable Xauth and Modecfg for this peer with "isakmp peer fqdn FQDN no-xauth no-config-mode" but the PIX still sends the Xauth and Modecfg requests.

Can anyone give a clue what FQDN should be? (from DNS using reverse lookup for peers IP, or the FQDN from the certificate, any other tips?)

Thanks,

Attila

0 Helpful
2 Replies 2

aghaznavi
Level 5
Level 5

‎06-16-2008 07:53 AM

Try this no crypto xauth interface-name in the specific interface . Where interface is the crypto map intf or IKE endpoint for bypassing the authentication.

0 Helpful

orbanattila
Level 1
Level 1
In response to aghaznavi

‎06-17-2008 12:06 AM

It's not a valid command ...

(config)# no crypto xauth outside

Invalid keyword: "xauth"

As I mentioned earlier Xauth cannot be disabled globally because is needed for EZVPN.

Thanks anyway

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card