Solved: Re: VPN betwen cisco unify client 3.6.3 and Pix 501 6.2(1) with

rado.jelen · ‎02-24-2003

hi,

I have Microsoft CA server with latest SCEP support and pix 501 that gets digital certificate. I also get certificate to Cisco client, but VPN does not work

In IPSec Log Viewer i constantly get "CM_IKE_ESTABLISH_FAIL"

This worked fine before Win2k server was completely updated with latest patches.

The configuration on pix is the same as in article http://www.cisco.com/warp/public/471/configipsecsmart.html

I reinstall standalone CA server and SCEP support but had no luck.

what could be wrong ?

wdrootz · ‎02-28-2003

This looks like IKE establisment problem. Make DH as group 2 for ISAKMP policy.

Check this link:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v53/ipsec/exvpncl.htm

View solution in original post

wdrootz · ‎02-28-2003

This looks like IKE establisment problem. Make DH as group 2 for ISAKMP policy.

Check this link:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v53/ipsec/exvpncl.htm

marc.lee · ‎04-16-2003

hi there:

i also failed with the same scenerio as you, i managed to enroll cert with MS CA but the client failed wtih "CM_IKE_ESTABLISH_FAIL" Do you manage to solve it?

rado.jelen · ‎04-23-2003

it realy was the isakmp policy problem

the hash has to be md5 with client 3.6.3

tnx

VPN betwen cisco unify client 3.6.3 and Pix 501 6.2(1) with MS CA server