Multiple IKE Pre-Shared Keys for same peer IP (on PIX)?
I'm looking to configure a PIX (v6.2) to accept connections from various IPSec VPN clients which will be connection from dynamily assigned IP addresses (no way to predict ranges). The clients will be anything from xDSL routers to dialup clients. (In general, they will not be using Cisco's own VPN client software, although I don't think this fact is particularly improtant here). We'll be using Pre-Shared IKE key(s).
Since I don't know in advance what IP addresses the VPN clients will be connecting from, I need to set the pre-shared key using a command such as:-
This sets a pre-shared key of <keystring> for all potential peers.
My question is: Can I set more than one pre-shared key for the same range - i.e. 0.0.0.0/0.0.0.0? (I don't yet have the PIX to try this out on). I want different users to have different pre-shared keys.
I know I could set different pre-shared key for different IP addresses or subnets by using multiple "isakmp key" commands with different "address" and "netmask" values, but my specific requirement is to have multiple different pre-shared keys for the catch-all range as above.
Is this possible, or is there a sifferent way to achieve what I have in mind?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...