Solved

Can multiple VPN connections on a Cisco PIX have individual pre-shared keys?

Posted on 2009-05-11
Last Modified: 2012-08-13
I have a Cisco PIX 506 at our corp office and a PIX 501e at one of our remote sites. Is the pre-shared key for the VPN connections defined system-wide, or can you use a different key for each site? I can't get the VPN up at the new location. I configured a different site only a few months ago and did not run into these problems. Here is the pertinent part of the config for both routers. Any help would be greatly appreciated.

Corp Pix:
pdm location 192.168.16.0 255.255.255.0 outside (remote subnet)

crypto map to_remotes 90 ipsec-isakmp
crypto map to_remotes 90 match address remotesite
crypto map to_remotes 90 set peer xxx.xxx.xxx.xxx (xxx=remote ip)
crypto map to_remotes 90 set transform-set strong
isakmp key ******** address xxx.xxx.xxx.xxx netmask 255.255.255.255

isakmp keepalive 10 5
isakmp policy 8 authentication pre-share
isakmp policy 8 encryption 3des
isakmp policy 8 hash sha
isakmp policy 8 group 1
isakmp policy 8 lifetime 86400


remote pix:
pdm location 192.168.1.0 255.255.255.0 outside (corp subnet)

crypto map corpsite 90 ipsec-isakmp
crypto map corpsite 90 match address 150
crypto map corpsite 90 set peer xxx.xxx.xxx.xxx (ip of corp pix)
crypto map corpsite 90 set transform-set strong
crypto map corpsite interface outside

isakmp key wathen address xxx.xxx.xxx.xxx netmask 255.255.255.255 (corp pix)
isakmp policy 9 authentication pre-share
isakmp policy 9 encryption 3des
isakmp policy 9 hash sha
isakmp policy 9 group 1
isakmp policy 9 lifetime 86400

Could the pre-shared key be hanging me up? I know the key for these two sites is matching on both ends, but I don't think it is the password that was being used for the other locations.
Question by:J C
Accepted Solution

by:
Don S. earned 500 total points
ID: 24359292
Each unique match on the crypto map access list can (and probably should) have its own unique pre-shared key. Check your access lists - "remotesite" in the first one and "150" in the second one.

Author Comment

by:J C
ID: 24360458
Can someone give me an example config of what is needed to create this tunnel? I have done it before but I must be missing something. The access lists are fine; I did check that. Does it care about the number of characters in the key?
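
An added example, not part of the original thread and not Cisco's code: a small Python check over constructed PIX 6.x style configs. It shows that `isakmp key` is stored per peer address, so a hub can hold a different key for each site, and it flags the mismatches between two ends that stop IKE (key, Phase 1 policy parameters, crypto map not applied to an interface). The function names, addresses and keys are assumptions made for illustration.

```python
# Added example. Addresses (documentation ranges), keys and names are constructed.
def parse_pix(text):
    """Collect the IKE-related lines of a PIX 6.x style config into a dict."""
    cfg = {"bound": set(), "peers": set(), "keys": {}, "policies": {}}
    for line in text.splitlines():
        t = line.split()
        if t[:2] == ["crypto", "map"] and len(t) >= 4:
            if t[3] == "interface":
                cfg["bound"].add(t[2])
            elif t[4:6] == ["set", "peer"] and len(t) > 6:
                cfg["peers"].add(t[6])
        elif t[:2] == ["isakmp", "key"] and len(t) >= 5 and t[3] == "address":
            cfg["keys"][t[4]] = t[2]  # one pre-shared key per peer address
        elif t[:2] == ["isakmp", "policy"] and len(t) >= 5:
            cfg["policies"].setdefault(t[2], {})[t[3]] = t[4]
    return cfg

def proposals(cfg):
    # The policy number is only a local priority; the parameters must match.
    fields = ("authentication", "encryption", "hash", "group")
    return {tuple(p.get(f) for f in fields) for p in cfg["policies"].values()}

def check_tunnel(a, a_ip, b, b_ip):
    """List the problems that would keep IKE from completing between a and b."""
    problems = []
    for name, cfg, peer in (("A", a, b_ip), ("B", b, a_ip)):
        if peer not in cfg["peers"]:
            problems.append(f"{name}: no crypto map entry with 'set peer {peer}'")
        if peer not in cfg["keys"]:
            problems.append(f"{name}: no 'isakmp key' for peer {peer}")
        if not cfg["bound"]:
            problems.append(f"{name}: no crypto map is applied to an interface")
    ka, kb = a["keys"].get(b_ip), b["keys"].get(a_ip)
    if ka and kb and ka != kb:
        problems.append("pre-shared keys differ between the two ends")
    if not proposals(a) & proposals(b):
        problems.append("no common isakmp policy (authentication/encryption/hash/group)")
    return problems

POLICY = "isakmp policy {n} authentication pre-share\nisakmp policy {n} encryption 3des\nisakmp policy {n} hash sha\nisakmp policy {n} group {g}\n"
HUB = parse_pix("crypto map to_remotes 80 set peer 198.51.100.10\n"
    "crypto map to_remotes 90 set peer 203.0.113.20\ncrypto map to_remotes interface outside\n"
    "isakmp key KeyForSiteA address 198.51.100.10 netmask 255.255.255.255\n"
    "isakmp key KeyForSiteB address 203.0.113.20 netmask 255.255.255.255\n" + POLICY.format(n=8, g=1))
SITE_A = parse_pix("crypto map corpsite 90 set peer 192.0.2.1\ncrypto map corpsite interface outside\n"
    "isakmp key KeyForSiteA address 192.0.2.1 netmask 255.255.255.255\n" + POLICY.format(n=9, g=1))
SITE_B = parse_pix("crypto map corpsite 90 set peer 192.0.2.1\n"  # wrong key, map unbound, group 2
    "isakmp key KeyForSiteA address 192.0.2.1 netmask 255.255.255.255\n" + POLICY.format(n=9, g=2))

print(check_tunnel(HUB, "192.0.2.1", SITE_B, "203.0.113.20"))
```

A key that is displayed masked as `********`, as in the corp excerpt above, cannot be compared this way; the comparison only works on configs that still contain the key text.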