Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Can multiple vpn connections on a cisco pix have individual pre-shared keys?

Posted on 2009-05-11
2
Medium Priority
?
327 Views
Last Modified: 2012-08-13
I have a cisco pix 506 at our corp office and a pix 501e at one of our remote sites. Is the pre-shared key for the vpn connections defined system-wide or can you use a different key for each site? I can't get the vpn up at the new location. I configured a different site only a few months ago and did not run into these problems. Here is the pertinent part of the config for both routers. Any help would be greatly appreciated.

Corp Pix:
pdm location 192.168.16.0 255.255.255.0 outside (remote subnet)

crypto map to_remotes 90 ipsec-isakmp
crypto map to_remotes 90 match address remotesite
crypto map to_remotes 90 set peer xxx.xxx.xxx.xxx (xxx=remote ip)
crypto map to_remotes 90 set transform-set strong
isakmp key ******** address xxx.xxx.xxx.xxx netmask 255.255.255.255

isakmp keepalive 10 5
isakmp policy 8 authentication pre-share
isakmp policy 8 encryption 3des
isakmp policy 8 hash sha
isakmp policy 8 group 1
isakmp policy 8 lifetime 86400


remote pix:
pdm location 192.168.1.0 255.255.255.0 outside (corp subnet)

crypto map corpsite 90 ipsec-isakmp
crypto map corpsite 90 match address 150
crypto map corpsite 90 set peer xxx.xxx.xxx.xxx (ip of corp pix)
crypto map corpsite 90 set transform-set strong
crypto map corpsite interface outside

isakmp key wathen address xxx.xxx.xxx.xxx netmask 255.255.255.255 (corp pix)
isakmp policy 9 authentication pre-share
isakmp policy 9 encryption 3des
isakmp policy 9 hash sha
isakmp policy 9 group 1
isakmp policy 9 lifetime 86400

Could the pre-shared key hanging me up? I know the key for these two sites are matching on both ends but I don't think they are the password that was being used for the other locations.
0
Comment
Question by:J C
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 18

Accepted Solution

by:
Don S. earned 1000 total points
ID: 24359292
Each unique match on the Crypto-map access list can (and probably should) have it's own unique pre-shared key.  Check your access lists - "remotesite" in the first one and "150" in the second one.
0
 

Author Comment

by:J C
ID: 24360458
Can someone give me an example config of what is needed to create this tunnel? I have done it before but I must be missing something. The access lists are fine, I did check that. Does it care about the number of characters in the key?
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you’re involved with your company’s wide area network (WAN), you’ve probably heard about SD-WANs. They’re the “boy wonder” of networking, ostensibly allowing companies to replace expensive MPLS lines with low-cost Internet access. But, are they …
As managed cloud service providers, we often get asked to intervene when cloud deployments go awry. Attracted by apparent ease-of-use, flexibility and low computing costs, companies quickly adopt leading public cloud platforms such as Amazon Web Ser…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question