Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Can multiple vpn connections on a cisco pix have individual pre-shared keys?

Posted on 2009-05-11
2
Medium Priority
?
328 Views
Last Modified: 2012-08-13
I have a cisco pix 506 at our corp office and a pix 501e at one of our remote sites. Is the pre-shared key for the vpn connections defined system-wide or can you use a different key for each site? I can't get the vpn up at the new location. I configured a different site only a few months ago and did not run into these problems. Here is the pertinent part of the config for both routers. Any help would be greatly appreciated.

Corp Pix:
pdm location 192.168.16.0 255.255.255.0 outside (remote subnet)

crypto map to_remotes 90 ipsec-isakmp
crypto map to_remotes 90 match address remotesite
crypto map to_remotes 90 set peer xxx.xxx.xxx.xxx (xxx=remote ip)
crypto map to_remotes 90 set transform-set strong
isakmp key ******** address xxx.xxx.xxx.xxx netmask 255.255.255.255

isakmp keepalive 10 5
isakmp policy 8 authentication pre-share
isakmp policy 8 encryption 3des
isakmp policy 8 hash sha
isakmp policy 8 group 1
isakmp policy 8 lifetime 86400


remote pix:
pdm location 192.168.1.0 255.255.255.0 outside (corp subnet)

crypto map corpsite 90 ipsec-isakmp
crypto map corpsite 90 match address 150
crypto map corpsite 90 set peer xxx.xxx.xxx.xxx (ip of corp pix)
crypto map corpsite 90 set transform-set strong
crypto map corpsite interface outside

isakmp key wathen address xxx.xxx.xxx.xxx netmask 255.255.255.255 (corp pix)
isakmp policy 9 authentication pre-share
isakmp policy 9 encryption 3des
isakmp policy 9 hash sha
isakmp policy 9 group 1
isakmp policy 9 lifetime 86400

Could the pre-shared key hanging me up? I know the key for these two sites are matching on both ends but I don't think they are the password that was being used for the other locations.
0
Comment
Question by:J C
2 Comments
 
LVL 18

Accepted Solution

by:
Don S. earned 1000 total points
ID: 24359292
Each unique match on the Crypto-map access list can (and probably should) have it's own unique pre-shared key.  Check your access lists - "remotesite" in the first one and "150" in the second one.
0
 

Author Comment

by:J C
ID: 24360458
Can someone give me an example config of what is needed to create this tunnel? I have done it before but I must be missing something. The access lists are fine, I did check that. Does it care about the number of characters in the key?
0

Featured Post

Choose an Exciting Career in Cybersecurity

Help prevent cyber-threats and provide solutions to safeguard our global digital economy. Earn your MS in Cybersecurity. WGU’s MSCSIA degree program was designed in collaboration with national intelligence organizations and IT industry leaders.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
There’s a movement in Information Technology (IT), and while it’s hard to define, it is gaining momentum. Some call it “stream-lined IT;” others call it “thin-model IT.”
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

963 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question