Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
608
Views
0
Helpful
0
Comments

VPN Client user cannot connect to the PIX. The user needs to configure DH group 2

TCC_2
Level 10
Level 10

on ‎06-22-2009 04:11 PM

Core issue

If you use a pre-shared key for the Cisco VPN Client version 3.x to connect to the PIX Firewall, you need to configure Diffie-Hellman (DH) group 2 using the isakmp policy priority group 2 command.

Resolution

Check that the Internet Security Association and Key Management Protocol (ISAKMP) policy on the PIX has the correct DH group configured. Your configuration should be similar to this:

isakmp policy 10 authentication pre-share 
isakmp policy 10 encryption des 
isakmp policy 10 hash md5 
isakmp policy 10 group 2 
isakmp policy 10 lifetime 86400

For more information about configuring IPSec, refer to Configuring Cisco Secure PIX Firewall 6.0 and Cisco VPN 3000 Clients Using IPSec.

Labels:
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents