Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PIX isakmp identity adddress vs hostname ?

Hi

how can I specify the hostname if the default is isakmp identity choosen (hostname) ?

And again, I have different peers configured on my PIX, may I use for some identity address and for other hostname ?

Tks

Ric

6 REPLIES
Cisco Employee

Re: PIX isakmp identity adddress vs hostname ?

Ric,

"isakmp identity hostname" is used for certificates matching the FQDN.

If you are not using certificates but pre-shared keys, then it would be "isakmp identity address"

Hope this helps.

Cheers

Gilbert

New Member

Re: PIX isakmp identity adddress vs hostname ?

Thanks Gilbert

what I want to do is use for some peers hostname and for other address.

I'm running Cisco PIX Firewall Version 6.3(4)

Greetings

Ric

Cisco Employee

Re: PIX isakmp identity adddress vs hostname ?

Ric,

Its a catch 22 situation if you are running 6.3.4 version of code. If it was 7.x, then the keyword auto would do the trick for you.

But since you are running 6.3.4, it would just be either address or hostname configuration.

Sorry!!

Rate this post, if it answered your questions.

Gilbert

Silver

Re: PIX isakmp identity adddress vs hostname ?

You can use the command below. I use this to match specific tunnel groups for remote pix's connecting to my main site.

isakmp identity key-id AnyValueHere

Thanks,

Chad

Please rate if this helps!

Cisco Employee

Re: PIX isakmp identity adddress vs hostname ?

Chad,

The PIX version being used here is 6.3.4

Tunnel-groups were introduced in 7.x version of code.

Just my thought.

Cheers

Gilbert

Silver

Re: PIX isakmp identity adddress vs hostname ?

So True!

Was thinking of vpngroups with easyvpn.

Thanks

Chad

257
Views
5
Helpful
6
Replies
CreatePlease to create content