Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
597
Views
0
Helpful
1
Replies

Initiating aggressive mode with IPSec

kicharle
Level 1
Level 1

‎10-16-2009 12:13 AM - edited ‎02-21-2020 04:21 PM

Hi all

With pre-shared key, if I need to initiate an aggressive site to site IPSec connection, I configure the following:

crypto isakmp peer hostname ciscoasa

set aggressive client-endpoint fqdn ciscoasa

set aggressive password cisco

But if I am going to use certificates with the following configuration, the tunnel doesn't comes up:

crypto isakmp peer hostname ciscoasa

set aggressive client-endpoint fqdn ciscoasa

Please let me know the necessary commands to initiate an IPSec site to site connection with digital certificates.

Labels:
0 Helpful
1 Reply 1

Jatin Katyal
Cisco Employee
Cisco Employee

‎10-21-2009 05:41 AM

Hi,

You may check this:

ASA/PIX 8.x: Site-to-Site IPSec VPN Authentication Using Digital Certificates with Microsoft CA Configuration Example

https://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080aa5be1.shtml

HTH

JK

Plz rate helpful posts-

~Jatin
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents