Cisco Support Community
Problem with vpn tunnel when upgrading pix os

I am trying to connect a VPN tunnel between a VPN3000 (only basegroup with pre-shared key) and a PIX 501. It's working fine with PIX OS 6.2.2, but when I upgrade to 6.3.5 I get this error: "Xauth required but selected Proposal does not support xauth, Check priorities of ike xauth proposals in ike proposal list". I have checked the basegroup for IKE Proposal and it is correct. Here is my PIX config.

access-list inside_outbound_nat0_acl permit ip
access-list outside_cryptomap_20 permit ip
global (outside) 1 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0 0
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto map outside_map 20 ipsec-isakmp
crypto map outside_map 20 match address outside_cryptomap_20
crypto map outside_map 20 set peer
crypto map outside_map 20 set transform-set ESP-DES-MD5
crypto map outside_map interface outside
isakmp enable outside
isakmp key ******** address netmask no-xauth no-config-mode
isakmp identity address
isakmp keepalive 10 10
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption des
isakmp policy 20 hash md5
isakmp policy 20 group 1
isakmp policy 20 lifetime 86400

I would be very grateful for an answer. /Jonny


Re: Problem with vpn tunnel when upgrading pix os

Change the IKE proposal to preshare and see if that works.


Re: Problem with vpn tunnel when upgrading pix os

It may help if you change both the isakmp policy and the ipsec transform set from DES to 3DES/AES.

3DES is free now. To register with Cisco,

and select *FREE* Register for PIX DES or 3DES/AES IPSec software feature keys

If your login can't get access, then open a TAC case.


Re: Problem with vpn tunnel when upgrading pix os

Just wondering how you go.
