Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started.

New Member

PIX and FQDN as isakmp identity

My pix should set up a vpn tunnel to a third-party gateway using pre-shared keys. IKE phase 1 fails, because the other side delivers its FQDN as isakmp identity. Therefore, the pix cannot find the required pre-shared key.

How do I have to configure my pix to be able to select pre-shared key for remote peer, when remote peer delivers fqdn as isakmp identity?

Thanks in advance

Edgar

  • Other Security Subjects
1 REPLY
Silver

Re: PIX and FQDN as isakmp identity

There are a couple of command that you will have to use.

-Use the "isakmp identity hostname" command in place of "isakmp identity address",

-Use "crypto map set peer " instead of "crypto map set peer "

Yuo might optionally have to use the command 'isakmp peer fqdn hostname no-xauth no-config-mode'. More information about this command is available at

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a008010578b.html

401
Views
0
Helpful
1
Replies