Cisco Support Community

VPN between pix and Symantec firewall

Are there any potential issues configuring a VPN session between a PIX and a Symantec firewall?

On the Symantec webpage I do see that if either one or both ends are undergoing NAT, then the VPN negotiation doesn't take place. To get around this, they have asked to configure the Cisco box with the command:

isakmp identity key-id <phase 1 id>

Are there any other things to be noted or taken care of?

Can I configure the PIX to be an Easy VPN client, while making the Symantec box push the configs to the PIX?


Re: VPN between pix and Symantec firewall

Yes, the PIX firewall can be used as an Easy VPN client or, more accurately, as a 'Cisco Easy VPN Remote'. However, you might have an issue with using the PIX as an Easy VPN client with the 'isakmp identity key-id' command configured on it. To quote the documentation I came across, "if the VPN client feature is enabled on the firewall, the vpnclient group name takes precedence over the isakmp identity key-id setting, and the firewall sends vpnclient group name as the key-id". Thus, on the PIX configured as an Easy VPN client, the 'isakmp identity key-id' command will not send the specified key_id_string, and this might cause problems in your setup.
