Cisco Support Community
New Member

isakmp key xxx address 0.0.0.0 netmask 0.0.0.0 in PIX 7.0

I have some routers connecting with dynamic IP and I need to create a dynamic L2L VPN with a star topology with a preshared key between the routers and a PIX 525.

I don't know the IP address assigned to the router, but I need to create an L2L VPN to exchange data between the network in the peer and the central network.

In PIX 7.x, to connect an L2L you must create a Tunnel Group with the IP address of the peer. If you don't write the IP, the following warning message appears:

WARNING: L2L tunnel-groups that have names which are not an IP address may only be used if the tunnel authentication method is Digitial Certificates and/or The peer is configured to use Aggressive Mode

I've configured the peer in Aggressive Mode but the tunnel is captured by DefaultRAGroup instead of the DefaultL2LGroup.

In PIX 6.x to connect L2L networks with dynamic clients the command is:

isakmp key xxx address 0.0.0.0 netmask 0.0.0.0

but the command is deprecated and I can't find the equivalent command in PIX 7.0.

Can anybody help me?

Thanks in advance

2 REPLIES
Silver

Re: isakmp key xxx address 0.0.0.0 netmask 0.0.0.0 in PIX 7.0

ACL per ip host

ACL per ip host

capture access-list buffer 1800

Then do:

sh capture

you will see 0 packets captured and some stuff...

New Member

Re: isakmp key xxx address 0.0.0.0 netmask 0.0.0.0 in PIX 7.0

The equivalent commands for l2l VPN in 7.0 are:

tunnel-group type ipsec-l2l

tunnel-group ipsec-attributes

pre-shared-key

Check http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_70/config/site2sit.htm#wp1042423
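
A sketch of how the commands in the last reply fit together for spokes with unknown addresses, added here as an example and not taken from the thread or from the linked Cisco document: the key is set on the built-in DefaultL2LGroup (the group named in the question) and a dynamic crypto map accepts the peers. The names ESP-AES-SHA, DYN-L2L and OUTSIDE-MAP, the interface name outside, the policy values and the key placeholder are assumptions.

```cisco
! Added example for PIX 7.0 syntax; all names and values are placeholders.
! Assumption: spokes use main mode with a pre-shared key, so a peer whose
! address matches no named tunnel-group falls back to DefaultL2LGroup.

! Phase 1 policy (must match what the spoke routers propose)
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption aes
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400

! Phase 2: a dynamic map entry accepts peers whose address is not known
crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac
crypto dynamic-map DYN-L2L 10 set transform-set ESP-AES-SHA

! Give the dynamic entry the highest sequence number so that any static
! entries for fixed-address peers are evaluated first
crypto map OUTSIDE-MAP 65535 ipsec-isakmp dynamic DYN-L2L
crypto map OUTSIDE-MAP interface outside

! Replacement for "isakmp key xxx address 0.0.0.0 netmask 0.0.0.0":
! the key set here is shared by every peer that lands in this group,
! so it acts as a wildcard key for all dynamic spokes
tunnel-group DefaultL2LGroup ipsec-attributes
 pre-shared-key <SHARED-KEY-PLACEHOLDER>
```

Because every dynamic spoke authenticates with the same key, the dynamic map only responds to tunnels and cannot initiate them; `show crypto isakmp sa` on the PIX shows which peer addresses have connected.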
