Need Help: Concurrent 1750 and VPN Client termination to PIX 515

mksmith
Level 1

Hello All:

I have looked through all of the documents I can find on the topic and I can't find anything that matches. Also, most of the other configurations that didn't exactly match broke the whole thing in a fairly impressive manner.

I have multiple sites running 1750 routers with 12.2(11)T2, many VPN Client users calling in from all over the country, all terminating into a PIX 515 running 6.2(2).

The clients work flawlessly, authenticating off a TACACS server. With the 1750s, I want them to connect for interesting traffic without authenticating against the TACACS server. I have tried as many configs as I can think of, but none work.

If anyone has a template or hints, I would be extremely grateful. I can certainly provide the configs I have if that will help.

Mike

2 Replies

jfrahim
Level 5

Mike,

Make sure that, for the LAN-to-LAN tunnels' preshared keys, you add no-xauth to disable authentication to the TACACS server.

Here is a sample config that you might find interesting. This is for a LAN-to-LAN tunnel between 2 PIXes, but it shows you how to disable Xauth for the LAN-to-LAN tunnels.

http://www.cisco.com/warp/customer/110/pixpixvpn.html

Jazib

Thanks Jazib:

I was able to find a configuration that worked (finally). The problem turned out to be the ACLs on the PIX side.

Mike
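
An added example, not taken from the thread or from the linked Cisco document: a PIX 6.x fragment in which VPN Clients authenticate through Xauth against TACACS+ while one 1750 peer is exempted with `no-xauth`, together with the PIX-side crypto and NAT-exemption ACLs such a tunnel depends on. It assumes the 1750 has a static outside address; every name, address and key below is a constructed placeholder.

```cisco
: Constructed PIX 6.x fragment; every address, name and key is a placeholder.
: Assumed layout: central LAN 10.1.0.0/16, branch LAN 10.2.1.0/24,
: 1750 outside address 192.0.2.10, VPN Client pool 10.9.9.0/24.
access-list NONAT permit ip 10.1.0.0 255.255.0.0 10.2.1.0 255.255.255.0
access-list NONAT permit ip 10.1.0.0 255.255.0.0 10.9.9.0 255.255.255.0
: Crypto ACL for the branch; the ACL on the 1750 must be its exact mirror.
access-list BRANCH1 permit ip 10.1.0.0 255.255.0.0 10.2.1.0 255.255.255.0
nat (inside) 0 access-list NONAT
ip local pool VPNPOOL 10.9.9.1-10.9.9.254

aaa-server VPNAUTH protocol tacacs+
aaa-server VPNAUTH (inside) host 10.1.1.5 TACACS_KEY_PLACEHOLDER timeout 10

sysopt connection permit-ipsec
crypto ipsec transform-set STRONG esp-3des esp-sha-hmac
crypto dynamic-map CLIENTS 10 set transform-set STRONG
: Static entry for the 1750, numbered below the dynamic entry for clients.
crypto map VPN 10 ipsec-isakmp
crypto map VPN 10 match address BRANCH1
crypto map VPN 10 set peer 192.0.2.10
crypto map VPN 10 set transform-set STRONG
crypto map VPN 65000 ipsec-isakmp dynamic CLIENTS
: Xauth is enabled for the whole crypto map ...
crypto map VPN client authentication VPNAUTH
crypto map VPN interface outside

isakmp enable outside
isakmp identity address
: ... and switched off per peer on the key line. The host netmask keeps
: the Xauth exemption scoped to this one router.
isakmp key PSK_PLACEHOLDER address 192.0.2.10 netmask 255.255.255.255 no-xauth no-config-mode
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400

: VPN Clients keep using the group password and are still prompted by Xauth.
vpngroup REMOTE address-pool VPNPOOL
vpngroup REMOTE password GROUP_PASSWORD_PLACEHOLDER
```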
