Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PIX 7.0 to MS ISA 2006 VPN

Strangely the ISA Server is using a dynamic crypto map instead of the crypto map that I have configured for it?

Anyone seen this before?

Have checked settings and both ISA and PIX are using same settings for Phases 1 and 2.

Has anybody actually setup a VPN between these two. Have read lots of theory but no evidence of it actually working?

Many thanks

1 REPLY
Silver

Re: PIX 7.0 to MS ISA 2006 VPN

Check if the command "crypto map map-name seq-num [ipsec-isakmp] [dynamic dynamic-map-name] [discover] [profile profile-name]" with "dynamic" option is used as this will make the dynamic map to be used instead of the crypto map configured.

Dynamic option specifies that this crypto map entry is to reference a preexisting dynamic crypto map. Dynamic crypto maps are policy templates used in processing negotiation requests from a peer IPSec device. If you use this keyword, none of the crypto map configuration commands will be available.

Try using "crypto map map-name seq-num [ipsec-manual]"

Refer teh following url for more information about this command:

http://www.cisco.com/en/US/docs/ios/12_3/security/command/reference/sec_c2g.html#wp1073142

100
Views
0
Helpful
1
Replies