site to site vpn query

donnie
Level 1

Hi all,

I have a PIX firewall that has a site-to-site VPN with another branch office. It is also working as a remote VPN.

Below are the commands used to set up the IPsec tunnel. Both the site-to-site VPN and the remote client VPN work fine.

I was wondering if the command "crypto map testmap client authentication LOCAL" would affect my site-to-site VPN in any way, since only the remote client VPN does authentication based on the username and password set on my firewall. Thanks in advance.

crypto map testmap 20 ipsec-isakmp
crypto map testmap 20 match address outside_cryptomap_20
crypto map testmap 20 set peer 2xx.xx.xx.xx
crypto map testmap 20 set transform-set ESP-DES-MD5
crypto map testmap 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map testmap client authentication LOCAL
crypto map testmap interface outside

Accepted Solutions

Hi,

If it's a PIX running version 6.x, you have a command like:

crypto isakmp key xxxxxxx peer 1.1.1.1 no-xauth

You should add the "no xauth" to the peer, so that the L2L won't be prompted for Extended Authentication (only the remote VPN clients).

Federico.
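
Added example, not part of the original thread: a small Python audit that reads a PIX 6.x style configuration and reports static site-to-site peers on a crypto map with "client authentication" whose pre-shared key line lacks no-xauth. The sample config is constructed with documentation addresses, and the parser accepts both the "isakmp key ... address" form and the "crypto isakmp key ... peer" form quoted above; the function name audit_xauth is hypothetical.

```python
import re

# Constructed sample in the style of the config in this thread (not a real device).
SAMPLE = """\
crypto map testmap 20 ipsec-isakmp
crypto map testmap 20 set peer 192.0.2.10
crypto map testmap 30 ipsec-isakmp
crypto map testmap 30 set peer 198.51.100.7
crypto map testmap 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map testmap client authentication LOCAL
isakmp key ******** address 192.0.2.10 netmask 255.255.255.255 no-xauth no-config-mode
isakmp key ******** address 198.51.100.7 netmask 255.255.255.255
"""

PEER = re.compile(r"^crypto map (\S+) (\d+) set peer (\S+)")
XAUTH = re.compile(r"^crypto map (\S+) client authentication (\S+)")
# Matches "isakmp key <k> address <ip> ..." and the "crypto isakmp key <k> peer <ip>" form.
KEY = re.compile(r"^(?:crypto )?isakmp key \S+ (?:address|peer) (\S+)(.*)$")

def audit_xauth(config):
    """Return [(map, seq, peer, reason)] for L2L peers that would be asked for Xauth."""
    xauth_maps, peers, keys = set(), [], {}
    for line in map(str.strip, config.splitlines()):
        if m := XAUTH.match(line):
            xauth_maps.add(m.group(1))
        elif m := PEER.match(line):
            peers.append((m.group(1), int(m.group(2)), m.group(3)))
        elif m := KEY.match(line):
            # Record whether this peer's key line carries the no-xauth keyword.
            keys[m.group(1)] = "no-xauth" in m.group(2).split()
    findings = []
    for name, seq, peer in peers:
        if name not in xauth_maps:
            continue  # no client authentication on this map, nothing to exempt
        if peer not in keys:
            findings.append((name, seq, peer, "no isakmp key line found"))
        elif not keys[peer]:
            findings.append((name, seq, peer, "isakmp key lacks no-xauth"))
    return findings

if __name__ == "__main__":
    for name, seq, peer, reason in audit_xauth(SAMPLE):
        print(f"{name} {seq} peer {peer}: {reason}")
```

A "no isakmp key line found" result only means no per-peer key line was seen in the text given to the script, so check it against the full configuration before changing anything.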

Hi Federico,

Thank you for the prompt response.

Yes, I have the command line you mentioned in my config, which explains why my site-to-site VPN works without username/password authentication. Thank you.