Re: VPN CLIENT PROBLEM PIX V7.0(2)

herve.sauton · ‎11-22-2005

Hello,

I have a pix into V7.0(2) with a vpn client in 4.7.

The configuration is:

group-policy clientgroup internal

group-policy clientgroup attributes

vpn-idle-timeout 30

crypto ipsec transform-set myset esp-des esp-sha-hmac

crypto dynamic-map cisco 1 set transform-set myset

crypto dynamic-map cisco 1 set nat-t-disable

crypto map dyn-map 20 ipsec-isakmp dynamic cisco

crypto map dyn-map interface outside

isakmp enable outside

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption des

isakmp policy 10 hash sha

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

tunnel-group office type ipsec-ra

tunnel-group office general-attributes

address-pool vpn

authentication-server-group none

default-group-policy clientgroup

tunnel-group office ipsec-attributes

pre-shared-key ******

I have this error message on the pix:

[IKEv1]: Group = office, IP = 83.xx.xx.xx, Removing p

eer from peer table failed, no match!

Nov 22 08:52:52 [IKEv1]: Group = office, IP = 83.xx.xx.xx, Error: Unable to rem

ove PeerTblEntry

It is necessary that I add this: isakmp identity?

thank you for your reponses

spremkumar · ‎11-23-2005

hi

AFAIK isakmp identity is reqd if u have got 2 pix firewalls establshing the VPN connection between them.

you should also have this in ur easyvpn server when ur having a pix firewall as an easyvpn client.

the identity is basically exchanged between the peers during the IKE negotiations.

But i dont think its reqd to be keyed in while having VPN client s/w as ur clients..

did u try with that command keyed in the config ??

Also can you try using up with isakmp identity address instead of isakmp identity ??

regds

herve.sauton · ‎11-23-2005

Thanks, i'll try tomorrow.