Cisco Support Community

PIX 506 to Cisco 2800 IPsec VPN, no shared keys howto.

Hello, good morning! Well, let's see... I have to do an IPsec VPN from an in-production PIX 506 to an in-production 2800 VPN concentrator, but it's a kind of tunnel that is not using pre-shared keys to authenticate. It's the kind of tunnel that uses only a specific public IP to connect to the other side of the tunnel. Now, do you know how to configure the PIX properly to get this running? I can't find any document that explains how to do a tunnel without a pre-shared key or other kind of auth.

On the Cisco 2800 we already have 3 tunnels working that way, and the config looks like this:

crypto map SDM_CMAP_1 3 ipsec-isakmp
 description mycryptomap
 set peer xx.xxx.xx.115
 set security-association lifetime seconds 86400
 set transform-set ESP-3DES-SHA1
 match address 105

Nothing more, apart from the transform set and a few low-level config lines, is done to get the tunnel working, so any idea on how to connect there with the PIX?

2 REPLIES

Re: PIX 506 to Cisco 2800 IPsec VPN, no shared keys howto.

You have the key or certificate.

Show your crypto isakmp policy.


Re: PIX 506 to Cisco 2800 IPsec VPN, no shared keys howto.

Those crypto maps are not taking any of the isakmp policy. The isakmp policy shows 3des and pre-shared keys, but that is for Easy VPN customers. Those 3 tunnels are not using those policies.
