Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

dynamic ip for a pix 501 to create a vpn to a 3005

I've try setting up the pix 501 with the ezvpn to the 3005 but kept getting a no acceptable IKE SA on the concentrator.

The samples shows the pix 501 with only vpnclient statements as show below:

vpnclient vpngroup hwclient password <password>

vpnclient server <ip address>

vpnclient mode network-extension-mode

Does the pix 501 require any other statements?

1 REPLY
New Member

Re: dynamic ip for a pix 501 to create a vpn to a 3005

Hi,

The PIX 501, that is the only command you need.

Is that your PIX only have DES encryption key?

If in that situation, I think in the 3005 , you shoose"IKE-DES-MD5" is the IPSEC SA in the group settings.

Please goto "Configuration | System | Tunneling Protocols | IPSec | IKE Proposals | Modify"

Modify "IKE-DES-MD5"

Change "Diffie-Hellman Group" from group 1 to group 2

Because easy VPN client using group 2, VPN 3000 concentrator default for DES is group 1, for 3DES is group 2.

If you do not change it for DES, it will fail in the ISAKMP negotiation.

Best Regards,

81
Views
0
Helpful
1
Replies
CreatePlease login to create content