your right, that was what it is. but the problem I have now is, i setup my 2 sensors for IPSec and did them both the same way. one works fine but the second gets "error - can not communicate with sensor". I did everything the same. and I have tried save --> update multiple times, and changes all the keys for both sensors and its just the one that seems to have the problem. I also checked the VPN client policy and everything looks right.the 4210 works fine but the 4230FE is the one having the prob.

When setting up IPSec on more than one sensor you need to define a new tunnel template for each sensor.

Here are the steps:

1) Setup IPSec on the first sensor as usual, using the "Highly Secure Manual/IDS Encrypted" template.

2) Before setting up IPSec on the second sensor, you must add a new manual tunnel template. Right click the Highly Secure Manual folder node under IPSec Tunnel Templates and create a new Manual Tunnel Template.

3) Click the template's "Protocol" tab and create a New Proposal selecting the "ESP (HMAC-MD5, DES-CBC)" protocol.

4) Setup IPSec on the second sensor selecting this new tunnel group in the senor's "Use secure IPSec with template" dropdown box on the Control panel.

5) This will cause a new IPSec Tunnel Group node to appear under Network policy.

Use this new group to specify the manual key values.

6) After pressing Update, be sure to issue both of the IPSectool commands that appear on the command panel of the sensor nodes for both sensors.

Good Luck,

Russ

Hi,

is right... but I've only one sensor (4230) a one CSPM (2.3.3i):

I've followed the steps finded in the Cisco docs. I've issued the ipsectool commands at the root level

of the sensor console ... is right?

After this the communications has gone down and a error ide registry appeared at the cspm gui.

Graz.

Hi,

I've found the problem ! ! ! !

the vpn client to istall is note the vpn 3000 client but the old vpn 1.1!!!

I hope that Cisco release the new CSPM 3.0 in a hurry ! ! ! (I'm joking)

Graz.