Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

PIX 6.3.5 disabling Xauth and Modecfg for one peer

Hi,

The PIX is used as Easy VPN server and L2L gateway in the same time. I have difficulties with a new L2L VPN (isakmp authentication rsa-sig) because the PIX sends Xauth and Modecfg requests and the peer (Linux box with OpenSwan) tries to interpret them (received MODECFG message when in state STATE_MAIN_I4, and we aren't xauth client) and the VPN setup fails after phase 1.

I tried to disable Xauth and Modecfg for this peer with "isakmp peer fqdn FQDN no-xauth no-config-mode" but the PIX still sends the Xauth and Modecfg requests.

Can anyone give a clue what FQDN should be? (from DNS using reverse lookup for peers IP, or the FQDN from the certificate, any other tips?)

Thanks,

Attila

2 REPLIES
Silver

Re: PIX 6.3.5 disabling Xauth and Modecfg for one peer

Try this no crypto xauth interface-name in the specific interface . Where interface is the crypto map intf or IKE endpoint for bypassing the authentication.

New Member

Re: PIX 6.3.5 disabling Xauth and Modecfg for one peer

It's not a valid command ...

(config)# no crypto xauth outside

Invalid keyword: "xauth"

As I mentioned earlier Xauth cannot be disabled globally because is needed for EZVPN.

Thanks anyway

701
Views
0
Helpful
2
Replies
CreatePlease to create content