vpn tunnel between vpn3000 and pix 501

cisco7889
Level 1

I am trying to connect a VPN tunnel between a VPN3000 (only basegroup with pre-shared key) and a PIX 501. The PIX has a dynamically assigned IP address on the outside interface. I get the error "Xauth required but selected Proposal does not support xauth, Check priorities of ike xauth proposals in ike proposal list" when trying to connect. I have checked the basegroup for IPSEC:SA (ESP-DES-MD5) and then the Configuration | Policy Management | Traffic Management | Security Associations for ESP-DES-MD5. In this configuration the IKE Proposal was set to IKE-DES-MD5. And when I looked in there, the Authentication Mode is "preshared keys", as it should be. I don't know any other place to look. Here is my PIX config.

access-list inside_access_in permit ip any any

access-list outside_access_in permit icmp any any echo-reply

access-list test permit ip 192.168.1.0 255.255.255.0 192.0.0.0 255.255.255.0

access-list crypto-acl permit ip 172.18.18.0 255.255.255.0 192.0.0.0 255.255.255.0

global (outside) 15 interface

nat (inside) 15 0.0.0.0 0.0.0.0 0 0

static (inside,outside) 172.18.18.0 access-list test 0 0

sysopt connection permit-ipsec

crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac

crypto map outside_map 20 ipsec-isakmp

crypto map outside_map 20 match address crypto-acl

crypto map outside_map 20 set peer 192.168.12.12

crypto map outside_map 20 set transform-set ESP-DES-MD5

crypto map outside_map interface outside

isakmp enable outside

isakmp key ******** address 192.168.12.12 netmask 255.255.255.255 no-xauth no-config-mode

isakmp identity address

isakmp keepalive 10 10

isakmp log 100

isakmp policy 20 authentication pre-share

isakmp policy 20 encryption des

isakmp policy 20 hash md5

isakmp policy 20 group 2

isakmp policy 20 lifetime 86400

I would be very grateful for an answer /Jonny

1 Reply

pradeepde
Level 5

If you are using an old version of the PIX (6.1 and before) you may be encountering the bug CSCdz01450. The workaround is to upgrade the PIX to a version above 6.2.
