To configure a pre-shared authentication key and associate the key with an IPSec peer address or host name, use the isakmp key address command. Use the no isakmp key address command to delete a pre-shared authentication key and its associated IPSec peer address.
A netmask of 0.0.0.0. can be entered as a wildcard indicating that any IPSec peer with a given valid pre-shared key is a valid peer.
Question: Is it possible to do the same thing on the VPN 3000? I have a bunch of PIX firewalls, they use DSL w/ DHCP. I need them to operate in Network Extension Mode, but unlike PIX's, I can't seem to get the VPN 3000 to accept the "0.0.0.0" like you can do with PIX's. Anyone have any idea if it's possible or another way to accomplish the goal? Any ideas would be greatly appreciated.
(Edited: I thought you were posting this in reply to my original question, so i got a bit confused. However, I'll leave the post below just because someone might glean something..never can tell)
When talking about a Pix to Multi-pix VPN configuration using nailed up VPN's, you do not need to define any groups if you don't want to. Just add in the necessary ISAKMP and crypto commands along with the necessary access-lists and nat satements (and the sysopt command as well). When setting up the isakmp statments, just specifiy 0.0.0.0 as the peer and supply all of your remote PIX's with the preshared key you assigned. They will all then be able to form a VPN connection with that system. You could also do it via groups using the Eazy VPN server, I just prefer doing it the other way when I have the remote pix's in network extension mode.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :