PIX 506 to Cisco 2800 IPsec VPN, no shared keys howto.

Unanswered Question
Jul 22nd, 2008
User Badges:

Hello good morning ! Well let's see . . . I have to do a IPSec VPN from a on-production PIX506 to an on-production 2800 VPN concentrator, but it's a kind of tunnel that is not using pre-shared keys to AUTH. It's the kind of tunnel that uses only a determined public IP to connect to each other side of the tunnel. Now, do you know how to configure the pix properly to get this running ? I can't find any document that explains how to a tunnel without a pre-shared key or other kind of auth.

On the Cisco 2800 we already have 3 tunnels working that way and the config look like this:

crypto map SDM_CMAP_1 3 ipsec-isakmp

description mycryptomap

set peer xx.xxx.xx.115

set security-association lifetime seconds 86400

set transform-set ESP-3DES-SHA1

match address 105

Nothing more a part of the transform set and few low level config is done to get the tunnel working, so any idea on how to connect there with the PIX ?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
a.alekseev Tue, 07/22/2008 - 23:44
User Badges:
  • Gold, 750 points or more

you have the key or cerificate

show your crypto iskmp policy

godzilla0 Wed, 07/23/2008 - 00:04
User Badges:

Those cryptomaps are not taking any of the isakmp policy. The isakmp policy show 3des and pre-shared keys but that is for easy VPN customers. Those 3 tunnels are not using those policies


This Discussion