Cisco Support Community

New Member

Need Help: Concurrent 1750 and VPN Client termination to PIX 515

Hello All:

I have looked through all of the documents I can find on the topic and I can't find anything that matches. Also, most of the other configurations that didn't exactly match broke the whole thing in a fairly impressive manner.

I have multiple sites running 1750 routers with 12.2(11)T2, many VPN Client users calling in from all over the country, all terminating into a PIX 515 running 6.2(2).

The clients work flawlessly, authenticating off a TACACS server. With the 1750s, I want them to connect for interesting traffic without authenticating against the TACACS server. I have tried as many configs as I can think of, but none work.

If anyone has a template or hints, I would be extremely grateful. I can certainly provide the configs I have if that will help.

Mike

2 REPLIES
Bronze

Re: Need Help: Concurrent 1750 and VPN Client termination to PIX

Mike,

Make sure that, for the LAN-LAN tunnels' preshared keys, you add no-xauth to disable authentication to the TACACS server.

Here is a sample config that you might find interesting. This is for a LAN-LAN tunnel between 2 PIXes, but it shows you how to disable x-auth for the LAN-LAN tunnels.

http://www.cisco.com/warp/customer/110/pixpixvpn.html

Jazib
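
A way to check a PIX configuration for the condition described in the reply above, as an added example that is not part of the original thread or of Cisco's documentation: it flags static LAN-LAN peers whose `isakmp key` line lacks `no-xauth` while the crypto map has client authentication enabled. The sample configuration, the map name `mymap`, the server group `AuthInbound`, the addresses and the keys are all constructed placeholders, and the function name `audit_xauth` is hypothetical.

```python
# Constructed PIX 6.x excerpt; names, addresses and keys are placeholders.
SAMPLE_CONFIG = """\
crypto map mymap 10 ipsec-isakmp
crypto map mymap 10 set peer 192.0.2.10
crypto map mymap 20 ipsec-isakmp
crypto map mymap 20 set peer 192.0.2.20
crypto map mymap 65535 ipsec-isakmp dynamic dynmap
crypto map mymap client authentication AuthInbound
crypto map mymap interface outside
isakmp key EXAMPLE-KEY-1 address 192.0.2.10 netmask 255.255.255.255 no-xauth no-config-mode
isakmp key EXAMPLE-KEY-2 address 192.0.2.20 netmask 255.255.255.255
"""

def audit_xauth(config):
    """Return (peer, reason) for LAN-LAN peers that would still face Xauth."""
    xauth_maps = set()  # crypto maps with 'client authentication' enabled
    peers = {}          # static peer address -> crypto map that references it
    key_opts = {}       # peer address -> tokens following it on its isakmp key line
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] == ["crypto", "map"] and tok[3:5] == ["client", "authentication"]:
            xauth_maps.add(tok[2])
        elif tok[:2] == ["crypto", "map"] and tok[4:6] == ["set", "peer"] and len(tok) > 6:
            peers[tok[6]] = tok[2]
        elif tok[:2] == ["isakmp", "key"] and "address" in tok[:-1]:
            i = tok.index("address")
            key_opts[tok[i + 1]] = set(tok[i + 2:])
    findings = []
    for peer, cmap in sorted(peers.items()):
        if cmap not in xauth_maps:
            continue  # Xauth is not requested on this map, nothing to exempt
        opts = key_opts.get(peer)
        if opts is None:
            findings.append((peer, "no per-peer isakmp key"))
        elif "no-xauth" not in opts:
            findings.append((peer, "isakmp key lacks no-xauth"))
    return findings

if __name__ == "__main__":
    for peer, reason in audit_xauth(SAMPLE_CONFIG):
        print(f"{peer}: {reason}")
```
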

New Member

Re: Need Help: Concurrent 1750 and VPN Client termination to PIX

Thanks Jazib:

I was able to find a configuration that worked (finally). The problem turned out to be the ACLs on the PIX side.

Mike
