Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

IOS 12.2(8)T5 - isakmp and dynamic crypto map w/ or w/o xauth

We use an IOS Router for VPN Termination and we have some remote SOHOs equipped with routers (dynamic IP) and others equipped with VPN Client 3.x.

So we have to specify a wildcard pre-shared key for the routers with no-xauth keyword appended. But after this entry the VPN 3.x client users are not able to connect, because xauth is deactivated with above entry.

Is it a bug or per design? Any workaround for this?

1 REPLY
Cisco Employee

Re: IOS 12.2(8)T5 - isakmp and dynamic crypto map w/ or w/o xaut

looks like a bug, CSCdx35000. Workaround is to have xauth and non-xauth devices on separate crypto maps that is if it is possible to have different crypto map and you have different interfaces you apply them, or

take out the no-xauth if possible.

84
Views
0
Helpful
1
Replies
СоздатьДля создания публикации, пожалуйста в систему