PIX 506 to Cisco 2800 IPsec VPN, no shared keys howto.

Unanswered Question
Jul 22nd, 2008

Hello, good morning! Well, let's see... I have to do an IPSec VPN from an on-production PIX506 to an on-production 2800 VPN concentrator, but it's a kind of tunnel that is not using pre-shared keys to AUTH. It's the kind of tunnel that uses only a determined public IP to connect to each other side of the tunnel. Now, do you know how to configure the PIX properly to get this running? I can't find any document that explains how to do a tunnel without a pre-shared key or other kind of auth.

On the Cisco 2800 we already have 3 tunnels working that way and the config looks like this:

crypto map SDM_CMAP_1 3 ipsec-isakmp
 description mycryptomap
 set peer xx.xxx.xx.115
 set security-association lifetime seconds 86400
 set transform-set ESP-3DES-SHA1
 match address 105

Nothing more apart from the transform set and a little low-level config is done to get the tunnel working, so any idea on how to connect there with the PIX?

a.alekseev Tue, 07/22/2008 - 23:44

You have the key or certificate

Show your crypto isakmp policy

godzilla0 Wed, 07/23/2008 - 00:04

Those crypto maps are not taking any of the isakmp policy. The isakmp policy shows 3des and pre-shared keys, but that is for Easy VPN customers. Those 3 tunnels are not using those policies.

Posted July 22, 2008 at 11:36 PM