Cisco Support Community
New Member

ipsec-manual command

Looking for advice.

Having problems with an IPsec tunnel that I have created between a PIX 515 and a WatchGuard FB 1000. The tunnel will create properly between the two devices. Many times the key renegotiation fails after the specified lifetime expires. The only way to get the tunnel back that I have found is to boot the PIX. The key renegotiation will work after the boot. I have been researching this and have a question regarding the ipsec-manual command. My idea is to set up a "non-expiring" tunnel using this command. Is this the proper use of the command? Does anyone have any experience with this matter that they can share, such as syntax, advice, suggestions, etc.?

4 REPLIES
Bronze

Re: ipsec-manual command

Hi,

It sure will help with the re-keying issues, at the cost of less security.

Did you try 6.3.1 PIX OS?

Thx

Afaq

Anonymous
N/A

Re: ipsec-manual command

Thanks for the answer. Since the PIX is actually owned by a business partner, I can only suggest the OS upgrade. As far as the syntax of the ipsec-manual command, is the command entered at the beginning of the isakmp policy? The config is as follows:

isakmp enable outside

isakmp key ******** address 1.1.1.1 netmask 255.255.255.255

isakmp identity address

isakmp policy 1 authentication pre-share

isakmp policy 1 encryption 3des

isakmp policy 1 hash sha

isakmp policy 1 group 1

isakmp policy 1 lifetime 3600

How would the syntax read? Sorry for the newbie questions... my Cisco knowledge is very limited.

Cisco Employee

Re: ipsec-manual command

You don't need any ISAKMP commands at all since if you define manual keys, you don't use IKE/ISAKMP.

Check out the docs at http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_62/config/sit2site.htm#1007447 for an example.
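
An added example, not part of the thread or of Cisco's documentation: a small Python check that reads a PIX 6.x configuration, finds `ipsec-manual` crypto map entries, and reports the points raised above (static keys that are never rekeyed, `isakmp key` lines a manual peer no longer uses). The sample config is constructed; the map name, SPI and key placeholders are assumptions, and the rule that a manual entry needs both an inbound and an outbound `set session-key` line comes from the PIX command reference.

```python
import re

# Constructed sample (not from the thread): the peer address is the one in the
# post above; map name, SPI and key placeholders are assumptions.
SAMPLE = """\
isakmp key ******** address 1.1.1.1 netmask 255.255.255.255
crypto map mymap 10 ipsec-manual
crypto map mymap 10 set peer 1.1.1.1
crypto map mymap 10 set transform-set myset
crypto map mymap 10 set session-key inbound esp 300 cipher <hex-key> authenticator <hex-key>
crypto map mymap 20 ipsec-isakmp
crypto map mymap 20 set peer 2.2.2.2
crypto map mymap interface outside
"""

ENTRY = re.compile(r"^crypto map (\S+) (\d+) (.+)$")
IKE_KEY = re.compile(r"^isakmp key \S+ address (\S+)")

def audit(config):
    """Return findings for manually keyed crypto map entries in a PIX 6.x config."""
    entries, ike_peers = {}, set()
    for line in map(str.strip, config.splitlines()):
        if m := IKE_KEY.match(line):
            ike_peers.add(m.group(1))
        elif m := ENTRY.match(line):  # "crypto map NAME interface IF" has no seq-num
            e = entries.setdefault((m.group(1), int(m.group(2))),
                                   {"mode": None, "peers": [], "dirs": set()})
            words = m.group(3).split()
            if words[0] in ("ipsec-manual", "ipsec-isakmp"):
                e["mode"] = words[0]
            elif words[:2] == ["set", "peer"]:
                e["peers"].append(words[2])
            elif words[:2] == ["set", "session-key"]:
                e["dirs"].add(words[2])  # "inbound" or "outbound"
    # Peers that still negotiate through IKE keep a legitimate isakmp key line.
    ike_used = {p for e in entries.values() if e["mode"] == "ipsec-isakmp" for p in e["peers"]}
    findings = []
    for (name, seq), e in sorted(entries.items()):
        if e["mode"] != "ipsec-manual":
            continue
        findings.append(f"{name} {seq}: static keys for {','.join(e['peers'])}, never rekeyed")
        for d in ("inbound", "outbound"):
            if d not in e["dirs"]:
                findings.append(f"{name} {seq}: no {d} session-key set")
        for p in e["peers"]:
            if p in ike_peers and p not in ike_used:
                findings.append(f"{name} {seq}: isakmp key for {p} is unused")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```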

Anonymous
N/A

Re: ipsec-manual command

Thanks for the help. I am looking at the doc now.
