Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

Easy vpn pix 506 ASA 5510 with only preshare key


I have a question: I have 2 sites: Site A with a PIX 506 as a easy vpn client and site B with a PIX 515 as a easy vpn server . Both running 6.3 IOS.

I plan to replace the Pix 515 with a ASA 5510 running IOS version 8,x.

The setup of the vpn client is

vpnclient server

vpnclient mode network-extension-mode

vpnclient vpngroup xxxx password xxxx

vpnclient enable

The easy vpn server is :

vpngroup xxxx address-pool ippool

vpngroup xxxx dns-server

vpngroup xxxx default-domain

vpngroup xxxx split-tunnel xxx

vpngroup xxxx idle-time 86400

As you see, there is no user needed, the client connect with only the preshare key.

I try to duplicate with my ASA:

access-list ezvpn1 extended permit ip any xxxxxx

group-policy myGROUP internal

group-policy myGROUP attributes

split-tunnel-policy tunnelspecified

split-tunnel-network-list value ezvpn1

secure-unit-authentication disable

nem enable


crypto ipsec transform-set myset esp-3des esp-md5-hmac

crypto dynamic-map dynmap 10 set transform-set myset

crypto dynamic-map dynmap 30 set transform-set myset

crypto map mymap 10 ipsec-isakmp dynamic dynmap

crypto map mymap interface outside

isakmp enable outside

isakmp policy 1 authentication pre-share

isakmp policy 1 encryption des

isakmp policy 1 hash md5

isakmp policy 1 group 2

isakmp policy 1 lifetime 86400

isakmp policy 65535 authentication pre-share

isakmp policy 65535 encryption 3des

isakmp policy 65535 hash sha

isakmp policy 65535 group 2

isakmp policy 65535 lifetime 86400

tunnel-group acces_strom type ipsec-ra

tunnel-group acces_strom general-attributes

default-group-policy myGROUP

tunnel-group xxxxxx ipsec-attributes

pre-shared-key xxxxxx

Can I configure the easy vpn server on my ASA to only use the preshare key? It require a username. Or add a user on my easy vpn client configuration.

Can I configure the pix 506 as a easy vpn server, I will open a vpn session then add the user in the config? I don't want to down the vpn between the 2 site, The remote site is 3 hour from here.

I will replace the 506 with the 515 in the future and configure a L2L vpn.


Community Member

Re: Easy vpn pix 506 ASA 5510 with only preshare key


what vpn all about?

Community Member

Re: Easy vpn pix 506 ASA 5510 with only preshare key


Can I configure pix 506 as an easy vpn server and access it remotely even if it is already configured as an easy vpn client and connected to my pix 515?

Community Member

Re: Easy vpn pix 506 ASA 5510 with only preshare key

I have the read the PIX/ASA 7.x Easy VPN with an ASA 5500 as the Server and PIX 506E as the Client (NEM) Configuration Example

I saw the example PIX-to-PIX 6.x: Easy VPN (NEM) Configuration Example

That is like my actual pix to pix configuration.

But can I configure my ASA 5510 as a easy vpn server without the user authentication?

CreatePlease to create content