Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

vpn-3002 client-mode connection question

Hello everybody,

Thank you for reading my post.

I am a newbie ini cisco, and I have a question for you:

Goal:

Connecting a VPN-3002 HW Client to a VPN-3005 Concentrator (managed by a different person)

Information provider by the Host:

- Peer: x.x.x.x

- Authentication ESP/MD5/HMAC-128

- Encryption: 3DES-168

- IKE Proposal: IKE-3DES-MD5

- Preshared Key: *********

Try-outs:

I have configured my private interface and my public interface, but I don't know how to specify the vpn3002 authentication. I have read cisco documentation and it specifies that authentification is not required for the vpn3002 (http://www.cisco.com/en/US/products/hw/vpndevc/ps2286/products_user_guide_chapter09186a00803ef6de.html)

Then, I am trying to connect to the host (vpn-3005) but I don't know where to replace the preshared key, and I am receiving the following error: Rxed Hash is incorrect: "Pre-shared key or Digital Signature mismatch".

Reading about that problem, I found the following (vpn3002 Getting started pdf document):

IPSec

If you use digital

certificates, you

do not need to

enter this

information.

Both of the following :

• The IKE peer address, that is, the IP address for the public

interface of the central-site VPN Concentrator to which this

VPN 3002 connects.

• IPSec group names, usernames, and passwords. These must

match the group names, usernames, and passwords configured

on the central-site VPN Concentrator

Questions:

What is exactly is a digital certificate??

How to load a digital certificate??

Does it have to be provided by the host concentrator???

Must the host concentrator admin provide a group name, user name and password???

Any comment is welcome,

Regards,

Jaime

1 REPLY
Silver

Re: vpn-3002 client-mode connection question

Configuring VPN 3000 concentrator to get Digital Certificate using Enroll via PKCS10 Request(Manual).

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_tech_note09186a00800946f1.shtml

Configuring VPN 3000 concentrator to get Digital Certificate using Simple Certificate Enrollment Protocol

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_tech_note09186a008009406e.shtml

254
Views
0
Helpful
1
Replies