PIX 506 to Cisco 2800 IPsec VPN, no shared keys howto.

Unanswered Question
Jul 22nd, 2008

Hello good morning ! Well let's see . . . I have to do a IPSec VPN from a on-production PIX506 to an on-production 2800 VPN concentrator, but it's a kind of tunnel that is not using pre-shared keys to AUTH. It's the kind of tunnel that uses only a determined public IP to connect to each other side of the tunnel. Now, do you know how to configure the pix properly to get this running ? I can't find any document that explains how to a tunnel without a pre-shared key or other kind of auth.

On the Cisco 2800 we already have 3 tunnels working that way and the config look like this:

crypto map SDM_CMAP_1 3 ipsec-isakmp

description mycryptomap

set peer xx.xxx.xx.115

set security-association lifetime seconds 86400

set transform-set ESP-3DES-SHA1

match address 105

Nothing more a part of the transform set and few low level config is done to get the tunnel working, so any idea on how to connect there with the PIX ?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 0 (0 ratings)
godzilla0 Wed, 07/23/2008 - 00:04

Those cryptomaps are not taking any of the isakmp policy. The isakmp policy show 3des and pre-shared keys but that is for easy VPN customers. Those 3 tunnels are not using those policies

Actions

Login or Register to take actions

This Discussion

Posted July 22, 2008 at 11:36 PM
Stats:
Replies:2 Avg. Rating:
Views:243 Votes:0
Shares:0
Tags: No tags.

Discussions Leaderboard