Cisco Support Community

ISAKMP Identity Issue

Hi,

I'm trying to get concurrent VPN Remote Access connections and VPN L2L connections working with different isakmp identities.

RA VPN clients should connect using PKI (certificates) and L2L equipment with PSK. The issue is:

- When I use crypto isakmp identity dn, RA VPN users get connected but remote non-cisco routers or firewalls don't!

- When I try crypto isakmp identity address, RA VPN users are unable to connect but remote non-cisco equipment yes.

How is it possible to have the two options?

Thanks for your help.

--

Pierre-Louis

CCIE #22862

1 REPLY

Re: ISAKMP Identity Issue

Pierre,

AFAIK - You can only have one or the other. If you are going to use certificates, then the RA users & the remote ends need certs; see the URLs below for Client & L2L config examples:-

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080aa5be1.shtml

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080930f21.shtml

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008092d8f1.shtml

Otherwise you are just going to use the external IP of the VPN as the ident.

HTH
