I am trying to connect Vpn tunnel between VPN3000 (only basegroup with pre-shared key) and Pix 501. The Pix has dynamic assigned ip adress on the outside interface. I get an error "Xauth required but selected Proposal does not support xauth,
Check priorities of ike xauth proposals in ike proposal list" when trying to connect. I have checked the basegroup for IPSEC:SA (ESP-DES-MD5)and then the Configuration | Policy Management | Traffic Management | Security Associations for ESP-DES-MD5. In this configuration the IKE Proposal was set to IKE-DES-MD5. And when i looked in there the Authentication Mode are "preshared keys" as it should be. I don´t no any other place to look. Here is my Pix config.
access-list inside_access_in permit ip any any
access-list outside_access_in permit icmp any any echo-reply
access-list test permit ip 192.168.1.0 255.255.255.0 192.0.0.0 255.255.255.0
access-list crypto-acl permit ip 172.18.18.0 255.255.255.0 192.0.0.0 255.255.255.0
global (outside) 15 interface
nat (inside) 15 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 172.18.18.0 access-list test 0 0
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto map outside_map 20 ipsec-isakmp
crypto map outside_map 20 match address crypto-acl
crypto map outside_map 20 set peer 192.168.12.12
crypto map outside_map 20 set transform-set ESP-DES-MD5
crypto map outside_map interface outside
isakmp enable outside
isakmp key ******** address 192.168.12.12 netmask 255.255.255.255 no-xauth no-config-mode
isakmp identity adress
isakmp keepalive 10 10
isakmp log 100
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
I would be very grateful for an answer /Jonny