06-10-2008 12:32 AM - edited 02-21-2020 02:03 AM
Hi,
The PIX is used as Easy VPN server and L2L gateway at the same time. I have difficulties with a new L2L VPN (isakmp authentication rsa-sig) because the PIX sends Xauth and Modecfg requests and the peer (Linux box with OpenSwan) tries to interpret them ("received MODECFG message when in state STATE_MAIN_I4, and we aren't xauth client"), and the VPN setup fails after phase 1.
I tried to disable Xauth and Modecfg for this peer with "isakmp peer fqdn FQDN no-xauth no-config-mode" but the PIX still sends the Xauth and Modecfg requests.
Can anyone give a clue what FQDN should be? (From DNS using reverse lookup for the peer's IP, or the FQDN from the certificate? Any other tips?)
Thanks,
Attila
06-16-2008 07:53 AM
Try this: "no crypto xauth interface-name" in the specific interface, where interface is the crypto map intf or IKE endpoint for bypassing the authentication.
06-17-2008 12:06 AM
It's not a valid command ...
(config)# no crypto xauth outside
Invalid keyword: "xauth"
As I mentioned earlier, Xauth cannot be disabled globally because it is needed for EZVPN.
Thanks anyway