Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

VPN betwen cisco unify client 3.6.3 and Pix 501 6.2(1) with MS CA server

hi,

I have Microsoft CA server with latest SCEP support and pix 501 that gets digital certificate. I also get certificate to Cisco client, but VPN does not work

In IPSec Log Viewer i constantly get "CM_IKE_ESTABLISH_FAIL"

This worked fine before Win2k server was completely updated with latest patches.

The configuration on pix is the same as in article http://www.cisco.com/warp/public/471/configipsecsmart.html

I reinstall standalone CA server and SCEP support but had no luck.

what could be wrong ?

1 ACCEPTED SOLUTION

Accepted Solutions
Bronze

Re: VPN betwen cisco unify client 3.6.3 and Pix 501 6.2(1) with

This looks like IKE establisment problem. Make DH as group 2 for ISAKMP policy.

Check this link:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v53/ipsec/exvpncl.htm

3 REPLIES
Bronze

Re: VPN betwen cisco unify client 3.6.3 and Pix 501 6.2(1) with

This looks like IKE establisment problem. Make DH as group 2 for ISAKMP policy.

Check this link:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v53/ipsec/exvpncl.htm

New Member

Re: VPN betwen cisco unify client 3.6.3 and Pix 501 6.2(1) with

hi there:

i also failed with the same scenerio as you, i managed to enroll cert with MS CA but the client failed wtih "CM_IKE_ESTABLISH_FAIL" Do you manage to solve it?

New Member

Re: VPN betwen cisco unify client 3.6.3 and Pix 501 6.2(1) with

it realy was the isakmp policy problem

the hash has to be md5 with client 3.6.3

tnx

92
Views
0
Helpful
3
Replies
CreatePlease to create content