11-17-2008 04:48 AM - edited 03-11-2019 07:13 AM
Hi Guys, How are you?
I need to configure ASA 5505 as central point with static IP. I already saw "PIX/ASA 7.x PIX-to-PIX Dynamic-to-Static IPsec with NAT and VPN Client Configuration Example" guide.
But the problem is when I use the "isakmp key password address 0.0.0.0 netmask 0.0.0.0" command I get an error message saying that DefaultRAGroup is already using pre-shared-key. I already tried to configure DefaultL2LGroup and I get the same error.
I tried to configure DefaultRAGroup with "no pre-shared" but after a few seconds it lost effect.
Should I remove DefaultRAGroup ?
11-21-2008 07:19 AM
To verify the configuration for DefaultL2LGroup, here is an example that may help you:
tunnel-group DefaultL2LGroup type ipsec-l2l
tunnel-group DefaultL2LGroup general-attributes
 no accounting-server-group
 default-group-policy DfltGrpPolicy
tunnel-group DefaultL2LGroup ipsec-attributes
 no pre-shared-key
 peer-id-validate req
 no chain
 no trust-point
 isakmp keepalive threshold 10 retry 2
11-21-2008 08:23 AM
Hi thx for reply!
I found something interesting.
On Bug Toolkit I found the bug CSCsk39154:
"PIX/ASA dynamic lan to lan vpn tunnels fail negotiation with version 8.0.2.16"
Ok version 8.0.2.16 but there is more:
1st Found-In: 7.0, 8.0(2.16)
Fixed-In: 8.0(2.19), 8.1(0.74), 7.2(4), 8.2(0.67), 7.2(3.5), 7.0(7.6), 7.1(2.65)
My ASA version is 7.2(3) and it got fixed in 7.2(3.5). It sounds like my version is bugged, but I'm gonna try your suggestion! THX.
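Added example, not part of the original thread: a small Python check that compares a running ASA release against the Fixed-In list quoted above for CSCsk39154. It assumes a fix only applies within the same major.minor train and that a release without an interim build, such as 7.2(3), sorts as interim 0; the function names are hypothetical.

```python
import re

# Fixed-In releases for CSCsk39154, copied from the post above.
FIXED_IN = ["8.0(2.19)", "8.1(0.74)", "7.2(4)", "8.2(0.67)",
            "7.2(3.5)", "7.0(7.6)", "7.1(2.65)"]

# major.minor(maintenance[.interim]), e.g. 7.2(3) or 7.2(3.5)
_VERSION = re.compile(r"^(\d+)\.(\d+)\((\d+)(?:\.(\d+))?\)$")


def parse_asa_version(text):
    """Turn '7.2(3.5)' into (7, 2, 3, 5); a missing interim build counts as 0."""
    match = _VERSION.match(text.strip())
    if match is None:
        raise ValueError(f"unrecognised ASA version string: {text!r}")
    major, minor, maint, interim = match.groups()
    return int(major), int(minor), int(maint), int(interim or 0)


def earliest_fix(running, fixed_in=FIXED_IN):
    """Return the lowest fixed release in the running version's train, or None."""
    train = parse_asa_version(running)[:2]
    same_train = [v for v in fixed_in if parse_asa_version(v)[:2] == train]
    return min(same_train, key=parse_asa_version) if same_train else None


def has_fix(running, fixed_in=FIXED_IN):
    """True/False when the train has a listed fix, None when it has none."""
    fix = earliest_fix(running, fixed_in)
    if fix is None:
        return None  # assumption: unlisted train, consult the bug record
    return parse_asa_version(running) >= parse_asa_version(fix)


if __name__ == "__main__":
    # Constructed sample inputs; 7.2(3) is the version named in the post.
    for version in ["7.2(3)", "7.2(3.5)", "7.2(4)", "8.0(2.16)", "8.3(1)"]:
        print(version, earliest_fix(version), has_fix(version))
```

A `None` result means the list says nothing about that train, not that the release is unaffected.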
11-21-2008 08:30 AM
That is a pix 6.x command.